CVE-2020-19155
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2021
Last modified:
26/10/2022
Description
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:jflyfox:jfinal_cms:*:*:*:*:*:*:*:* | 4.7.1 (including) |
To consult the complete list of CPE names with products and versions, see this page