CVE-2024-53477

CRITICAL

Jflyfox Jfinal Cms - Insecure Deserialization

Title source: rule

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java

CVSS v3 9.8

EPSS 0.0013

EPSS Percentile 32.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502

Status published

jflyfox/jfinal_cms

Published Dec 02, 2024

Tracked Since Feb 18, 2026