CVE-2020-19155

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2021
Last modified:
26/10/2022

Description

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:jflyfox:jfinal_cms:*:*:*:*:*:*:*:* 4.7.1 (including)