Vuln ID: CVE-2020-19151
Published: 2021-09-15 14:15:08Z
Description: Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component ‘jfinal_cms/admin/filemanager/list’.
Source: NVD.NIST.GOV