CVE-2022-37202
HIGHjfinal_cms 5.1.0 - SQL Injection via /admin/advicefeedback/list
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-37202. PoCs published by AgainstTheLight.
AI-analyzed exploit summary The repository provides a technical description of CVE-2022-37202, an SQL injection vulnerability in JFinal CMS 5.1.0. It outlines the affected component, attack type, and impact but lacks functional exploit code.
Description
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list
Exploits (1)
nomisec
WRITEUP
by AgainstTheLight · poc
https://github.com/AgainstTheLight/CVE-2022-37202
The repository provides a technical description of CVE-2022-37202, an SQL injection vulnerability in JFinal CMS 5.1.0. It outlines the affected component, attack type, and impact but lacks functional exploit code.
Classification
Writeup 70%
Attack Type
Sqli
Complexity
Moderate
Reliability
Theoretical
Target:
JFinal CMS 5.1.0
Auth required
Prerequisites:
User login credentials
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/AgainstTheLight/CVE-2022-37202/blob/main/README.md
Exploit, Third Party Advisory
https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql1.md
Scores
CVSS v3
8.8
EPSS
0.0101
EPSS Percentile
58.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
jflyfox/jfinal_cms
5.1.0
Published
Oct 26, 2022
Tracked Since
Feb 18, 2026