CVE-2023-27234: CSRF
First published: Wed Mar 15 2023(Updated: )
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jizhicms Jizhicms | =2.4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this CSRF vulnerability in Jizhicms v2.4.5?
The vulnerability ID for this CSRF vulnerability in Jizhicms v2.4.5 is CVE-2023-27234.
What is the severity of CVE-2023-27234?
The severity of CVE-2023-27234 is medium (6.5).
How does this CSRF vulnerability in Jizhicms v2.4.5 work?
This CSRF vulnerability in Jizhicms v2.4.5 allows attackers to make arbitrary configuration changes within the application by tricking authenticated users into performing unwanted actions.
Which software version is affected by this CSRF vulnerability?
The CSRF vulnerability in Jizhicms v2.4.5 affects version 2.4.5 of the software.
Is there a fix available for CVE-2023-27234?
At the moment, there is no known fix available for CVE-2023-27234. It is recommended to follow the guidance provided by the software vendor or developer.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/jizhicms
- canonical/jizhicms jizhicms
- version/jizhicms jizhicms/2.4.5