cvedb.io
CVE-2024-57665
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-01-29T23:15:22.597 · Last modified 2026-06-17T08:13:53.820

Summary

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.

Affected products

heyewei — jfinalcms

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.