CVE-2024-57665 — CRITICAL (9.8)

Vulnerability Description

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Heyewei	Jfinalcms	1.0

Related Weaknesses (CWE)

CWE-89

References

https://github.com/Nbccccc/vulnerability_discovery/blob/main/JFinalCMS/JFinalCmsExploitThird Party Advisory
https://github.com/Nbccccc/vulnerability_discovery/blob/main/JFinalCMS/JFinalCmsExploitThird Party Advisory

FAQ

What is CVE-2024-57665?

CVE-2024-57665 is a vulnerability with a CVSS score of 9.8 (CRITICAL). JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into f...

How severe is CVE-2024-57665?

CVE-2024-57665 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-57665?

Check the references section above for vendor advisories and patch information. Affected products include: Heyewei Jfinalcms.