Cross-Site Request Forgery Vulnerability in JFinalCMS by NightcloudOS
CVE-2023-49398

8.8HIGH

Key Information:

Vendor: Jfinalcms Project
Status: Jfinalcms
Vendor: CVE Published:; 5 December 2023

🔔 Create Jfinalcms Project Vulnerability Alert

What is CVE-2023-49398?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in JFinalCMS version 5.0.0. This security issue allows an attacker to potentially trick a logged-in user into performing unwanted actions without their consent. Specifically, the vulnerability is found in the endpoint responsible for deleting categories in the admin panel (/admin/category/delete). Exploiting this vulnerability could lead to unauthorized changes, impacting the integrity of the CMS. It is crucial for users and administrators to employ preventive measures to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/nightcloudos/new_cms/blob/main/CSRF%20...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Nov 27, 2023

JSON

Jfinalcms Project

What is CVE-2023-49398?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.