CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list

**CVE-2022-37202**

CVE-2022-37202 POC

> \[Suggested description\] JFinal CMS 5.1.0 is vulnerable to SQL Injection.
> 
> \[Vulnerability Type\] SQL Injection
> 
> \[Vendor of Product\] the development group
> 
> \[Affected Product Code Base\] https://github.com/jflyfox/jfinal\_cms - JFinal CMS 5.1.0
> 
> \[Affected Component\] These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection
> 
> \[Attack Type\] Remote
> 
> \[Impact Code execution\] true
> 
> \[Impact Information Disclosure\] true
> 
> \[Attack Vectors\] User login is required
> 
> \[Reference\] https://github.com/AgainstTheLight/someEXP\_of\_jfinal\_cms/blob/main/jfinal\_cms/sql1.md
> 
> \[Discoverer\] jw5t

Headline

CVE-2022-37202: CVE-2022-37202/README.md at main · AgainstTheLight/CVE-2022-37202

CVE: Latest News