First published: Tue Dec 05 2023(Updated: )
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/com.jfinal:jfinal | <=5.0.0 | |
Jfinalcms | =5.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-49374 is a Cross-Site Request Forgery (CSRF) vulnerability found in JFinalCMS v5.0.0 via /admin/slide/update.
CVE-2023-49374 has a severity rating of 8.8 (high).
CVE-2023-49374 affects JFinalCMS v5.0.0.
To fix CVE-2023-49374, update JFinalCMS to a version that has addressed the CSRF vulnerability.
You can find more information about CVE-2023-49374 at this link: [https://github.com/li-yu320/cms/blob/main/There%20is%20CSRF%20in%20the%20rotation%20image%20editing%20section.md](https://github.com/li-yu320/cms/blob/main/There%20is%20CSRF%20in%20the%20rotation%20image%20editing%20section.md).