CVE Catalog

CVE-2026-11473

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was identified in jflyfox jfinal_cms up to version 5.1.0, affecting the list function in the AdvicefeedbackController.java file. Manipulation of the argument orderBy leads to SQL injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to unauthorized access to the database and data leakage.

Recommendation

It is recommended to update to the latest version of jflyfox jfinal_cms and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS