/CVE-2022-37210

CVE-2022-37210 POC

Apache License 2.0Apache-2.0

CVE-2022-37210

CVE-2022-37210 POC

[Suggested description] JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.


[Additional Information] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql9.md


[Vulnerability Type] SQL Injection


[Vendor of Product] the development group


[Affected Product Code Base] https://github.com/jflyfox/jfinal_cms - JFinal CMS 5.1.0


[Affected Component] These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection


[Attack Type] Remote


[Impact Code execution] true


[Attack Vectors] User login is required


[Reference] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql9.md


[Discoverer] jw5t

Use CVE-2022-37209.

[Suggested description] JFinal CMS 5.1.0 is vulnerable to SQL Injection.


[Additional Information] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql6.md


[Vulnerability Type] SQL Injection


[Vendor of Product] the development group


[Affected Product Code Base] https://github.com/jflyfox/jfinal_cms - JFinal CMS 5.1.0


[Affected Component] These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection


[Attack Type] Remote


[Impact Code execution] true


[Impact Information Disclosure] true


[Attack Vectors] User login is required


[Reference] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql6.md


[Discoverer] jw5t

Use CVE-2022-37210.