Loading market data...
← Back to CVE feed

CVE-2026-11473

MEDIUM CVSS 6.3 View on NVD ↗

Description

A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Published: Jun 08, 2026 01:16 UTC Modified: Jun 08, 2026 14:57 UTC