Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-37208

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

Published

2022-10-13T12:15:11.167

Last Modified

2025-05-15T16:15:25.990

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-89
Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jflyfox	jfinal_cms	5.1.0	Yes

References

https://github.com/AgainstTheLight/CVE-2022-37208 Third Party Advisory ([email protected])
https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql5.md Exploit, Third Party Advisory ([email protected])
https://github.com/AgainstTheLight/CVE-2022-37208 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql5.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)