CVE-2026-11473 | jflyfox jfinal_cms up to 5.1.0 AdvicefeedbackController.java list orderBy sql injection (Issue 62)

A vulnerability labeled as critical has been found in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-11473. The attack can be launched remotely. No exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More