← voltar
CVE-2024-12350

JFinalCMS Template TemplateController.java update command injection

CVSS 5.3 MEDIUMEPSS 3.6%CWE-74CWE-77
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
n/a · JFinalCMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/hadagaga/vuln/blob/master/JFinalCMS/Server_Side%20_Template_Injection/Server-Side-Template-Injection.mdhttps://vuldb.com/?ctiid.287270https://vuldb.com/?id.287270https://vuldb.com/?submit.456047