CVE-2023-26812 Information

Description

Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.

Reference

https://github.com/jflyfox/jfinal_cms/issues/54