jflyfox jfinal_cms AdvicefeedbackController.java list sql injection_CVE-2026-11473

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-11473

Source VulDB

Published Jun 8, 2026 at 00:45

Affected Product

Vendor jflyfox

Product jfinal_cms

Version 5.0

Affected Versions jflyfox jfinal_cms 5.0
jflyfox jfinal_cms 5.1.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-06-08T00:45:09.691Z",
    "modified": "2026-06-08T00:45:09.691Z",
    "type": "cve",
    "title": "jflyfox jfinal_cms AdvicefeedbackController.java list sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369093\nhttps://vuldb.com/vuln/369093/cti\nhttps://vuldb.com/cve/CVE-2026-11473\nhttps://vuldb.com/submit/833907\nhttps://github.com/jflyfox/jfinal_cms/issues/62\nhttps://github.com/jflyfox/jfinal_cms/",
    "id": "CVE-2026-11473",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "jflyfox jfinal_cms 5.0\njflyfox jfinal_cms 5.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jfinal_cms",
    "version": "5.0",
    "vendor": "jflyfox",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}