CVE-2022-37207 PoC — JFinal SQL注入漏洞

Source

Associated Vulnerability

Description

CVE-2022-37207 POC

Readme

# CVE-2022-37207
CVE-2022-37207 POC

> [Suggested description]
> JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not
> use the same component, nor do they have filters, but each uses its own
> SQL concatenation method, resulting in SQL injection
>
> ------------------------------------------
>
> [Additional Information]
> https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql10.md
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> https://github.com/jflyfox/jfinal_cms - JFinal CMS 5.1.0
>
> ------------------------------------------
>
> [Affected Component]
> These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> User login is required
>
> ------------------------------------------
>
> [Reference]
> https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql10.md
>
> ------------------------------------------
>
> [Discoverer]
> jw5t

Use CVE-2022-37207.

File Snapshot

 [4.0K]  /data/pocs/44dd0a0e54d21c60ad6778bb9ed6de5643a03b73
├── [ 11K]  LICENSE
└── [1.4K]  README.md

0 directories, 2 files

Remarks