Vulnerability CVE-2023-50449
Published: 2023-12-10   Modified: 2023-12-14

Description:
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Affected software
Jfinalcms project -> Jfinalcms 

 References:
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Copyright 2024, cxsecurity.com

 

Back to Top