CVE-2023-26812 – com.jflyfox:jflyfox_jfinal

Package

Manager: maven
Name: com.jflyfox:jflyfox_jfinal
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Arbitrary code execution in jfinal CMS ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8qhm-ch8h-xgjr. This link is maintained to preserve external references. ## Original Description Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.

Metadata

Created: 2023-04-28T21:30:19Z
Modified: 2023-05-03T18:17:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-gh24-c683-79r2/GHSA-gh24-c683-79r2.json
CWE IDs: []
Alternative ID: GHSA-gh24-c683-79r2
Finding: N/A
Auto approve: 0