2021-09-15 13:52:47
mitre
PUBLISHED
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the TemplatePath parameter in the component jfinal_cms/admin/folder/list.