Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-37205. PoCs published by AgainstTheLight.
AI-analyzed exploit summary The repository lacks actual exploit code and instead references an external link for details. The README is vague and does not provide technical specifics about the SQL injection vulnerability.
Description
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Exploits (1)
nomisec
SUSPICIOUS
by AgainstTheLight · poc
https://github.com/AgainstTheLight/CVE-2022-37205
The repository lacks actual exploit code and instead references an external link for details. The README is vague and does not provide technical specifics about the SQL injection vulnerability.
Classification
Suspicious 90%
Attack Type
Sqli
Complexity
Theoretical
Reliability
Theoretical
Target:
JFinal CMS 5.1.0
Auth required
Prerequisites:
User login credentials
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql8.md
Third Party Advisory x_refsource_misc
https://github.com/AgainstTheLight/CVE-2022-37205/blob/main/README.md
Scores
CVSS v3
8.8
EPSS
0.0112
EPSS Percentile
62.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
jflyfox/jfinal_cms
5.1.0
Published
Sep 20, 2022
Tracked Since
Feb 18, 2026