CVE-2022-37204

CRITICAL

jfinal_cms 5.1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37204. PoCs published by AgainstTheLight.

AI-analyzed exploit summary This repository provides a detailed technical description of CVE-2022-37204, an SQL injection vulnerability in JFinal CMS 5.1.0. It references external documentation for exploit details but lacks direct exploit code.

Description

Final CMS 5.1.0 is vulnerable to SQL Injection.

Exploits (1)

nomisec WRITEUP
by AgainstTheLight · poc
https://github.com/AgainstTheLight/CVE-2022-37204

This repository provides a detailed technical description of CVE-2022-37204, an SQL injection vulnerability in JFinal CMS 5.1.0. It references external documentation for exploit details but lacks direct exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Moderate
Reliability
Theoretical
Target: JFinal CMS 5.1.0
Auth required
Prerequisites: User login credentials
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0104
EPSS Percentile 59.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
jflyfox/jfinal_cms 5.1.0
Published Sep 20, 2022
Tracked Since Feb 18, 2026