Duplicate Advisory: Arbitrary code execution in jfinal CMS

Critical severity • GitHub Reviewed • Published Apr 28, 2023 to the GitHub Advisory Database • Updated Nov 10, 2023
Withdrawn: This advisory was withdrawn on May 3, 2023

Package

com.jflyfox:jflyfox_jfinal (Maven)

Affected versions

<= 5.1.0

Patched versions

None

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-8qhm-ch8h-xgjr. This link is maintained to preserve external references.

Original Description

Command execution vulnerability in the ActionEnter class in jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created JSON file to the ueditor route.

References

Published by the National Vulnerability Database Apr 28, 2023
Published to the GitHub Advisory Database Apr 28, 2023
Reviewed May 1, 2023
Withdrawn May 3, 2023
Last updated Nov 10, 2023

Severity

Critical

EPSS score

Weaknesses

No CWEs

CVE ID

CVE-2023-26812

GHSA ID

GHSA-gh24-c683-79r2

Source code

No known source code