CVE-2020-19151 – Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbi …

Vuln ID: CVE-2020-19151

Published:  2021-09-15  14:15:08Z

Description: Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component ‘jfinal_cms/admin/filemanager/list’.

Source: NVD.NIST.GOV