Nbc

1 exploit Active since Jan 2025
CVE-2024-57665 WRITEUP CRITICAL WRITEUP
JFinalCMS 1.0 - SQL Injection via Title Parameter
JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.
CVSS 9.8