A vulnerability classified as critical has been found in JFinalCMS 1.0. It affects the function findPage in the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. Manipulation of the argument name leads to SQL injection. The attack can be initiated remotely.
History

Wed, 11 Dec 2024 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Jwillber; Jwillber jfinalcms |
| CPEs | | `cpe:2.3:a:jwillber:jfinalcms:1.0:*:*:*:*:*:*:*` |
| Vendors & Products | | Jwillber; Jwillber jfinalcms |

Tue, 10 Dec 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Jfinalcms Project; Jfinalcms Project jfinalcms |
| CPEs | | `cpe:2.3:a:jfinalcms_project:jfinalcms:1.0:*:*:*:*:*:*:*` |
| Vendors & Products | | Jfinalcms Project; Jfinalcms Project jfinalcms |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Mon, 09 Dec 2024 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to SQL injection. It is possible to initiate the attack remotely. |
| Title | | JFinalCMS File Content ContentModel.java findPage sql injection |
| Weaknesses | | CWE-74; CWE-89 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}`; cvssV3_0: `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}`; cvssV3_1: `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}`; cvssV4_0: `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}` |

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-09T00:31:06.456Z

Updated: 2024-12-10T14:09:20.540Z

Reserved: 2024-12-08T16:59:02.518Z

Link: CVE-2024-12351

Vulnrichment

Updated: 2024-12-10T14:09:13.863Z

NVD

Status: Analyzed

Published: 2024-12-09T01:15:06.120

Modified: 2024-12-11T17:32:56.967

Link: CVE-2024-12351

Redhat

No data.