Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2022-37209

Description

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

POC

Reference

- https://github.com/AgainstTheLight/CVE-2022-37209/tree/main

- https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql9.md

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AgainstTheLight/CVE-2022-37209

- https://github.com/AgainstTheLight/CVE-2022-37210

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/trhacknon/Pocingit