CVE-2024-12349 in JFinalCMS

Summary

by MITRE • 12/09/2024

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.


Analysis

by VulDB Data Team • 02/21/2025

This vulnerability affects JFinalCMS version 1.0 and specifically concerns the administrative endpoint /admin/tag/save. The issue is a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized actions within the application's administrative interface. The flaw lies in the application's handling of requests to the tag management functionality, where the validation and authentication mechanisms are insufficient to prevent malicious requests from being executed on behalf of an authenticated administrator.

Technically, this CSRF vulnerability stems from the absence of anti-CSRF tokens or similar protective measures in the administrative tag-saving functionality. When an authenticated administrator visits a malicious website or clicks on a crafted link, the attacker's page can cause a request that the browser executes automatically in the context of the administrator's session. The vulnerability is classified under CWE-352, which covers Cross-Site Request Forgery in web applications. The attack vector is remote and requires no privileged access, which makes it particularly dangerous: it can be delivered through phishing campaigns, malicious websites, or social engineering.

The operational impact is significant, as the vulnerability gives attackers potential administrative privileges within the JFinalCMS system. Successful exploitation could allow an attacker to modify or delete content tags, potentially affecting the entire content management structure. The disclosure status indicates that working exploits are publicly available, which increases the likelihood of real-world attacks against affected systems. Organizations running JFinalCMS 1.0 are therefore exposed to an immediate threat without adequate time to implement protective measures.

Mitigation should focus on proper CSRF protection mechanisms such as anti-CSRF tokens that are generated for each user session and validated on every state-changing administrative request. The application should also enforce strict Referer header validation and set the SameSite cookie attribute to prevent cross-site request execution. Additionally, organizations should immediately upgrade to a patched version of JFinalCMS if available, as the vulnerability affects core administrative functionality. Security monitoring should be enhanced to detect suspicious administrative activity, and regular security audits should be conducted to identify similar issues in other application components. The ATT&CK framework categorizes this vulnerability under T1531 - Account Access Removal and T1078 - Valid Accounts, as successful exploitation could lead to unauthorized administrative access and potential account compromise.
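The token-plus-origin check described above, as an added illustration that is not JFinalCMS code (the CMS is a Java application; this is a stand-alone Python model of the server-side check). The site origin, the session and request shapes, the `_csrf` form field name and the sample requests are all constructed assumptions for the demo.

```python
from __future__ import annotations
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example"     # assumed origin of the admin UI
PROTECTED_PATHS = {"/admin/tag/save"}   # state-changing admin endpoint from the advisory
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

@dataclass
class Session:
    """Server-side admin session; the anti-CSRF token is minted once per session."""
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    """Minimal model of an inbound HTTP request (constructed for this demo)."""
    method: str
    path: str
    headers: dict
    form: dict

def csrf_check(req: Request, session: Session) -> tuple[bool, str]:
    """Return (allowed, reason). A state-changing request to a protected path must
    carry BOTH a valid per-session synchronizer token and a same-site Origin
    (or Referer) header; everything else passes through unchanged."""
    if req.method.upper() in SAFE_METHODS or req.path not in PROTECTED_PATHS:
        return True, "not a protected state-changing request"
    submitted = req.form.get("_csrf", "")
    # Constant-time comparison so the check does not leak the token via timing.
    if not submitted or not hmac.compare_digest(submitted, session.csrf_token):
        return False, "missing or invalid CSRF token"
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return False, "no Origin/Referer on state-changing request"
    parts = urlsplit(source)
    origin = f"{parts.scheme}://{parts.netloc}"
    if origin != SITE_ORIGIN:
        return False, f"cross-site request from {origin}"
    return True, "ok"

def demo() -> tuple[tuple[bool, str], tuple[bool, str]]:
    """A legitimate admin form post versus a cross-site post riding the same cookie."""
    sess = Session()
    cookie = {"Cookie": "JSESSIONID=<admin-session>"}  # browser attaches it to both
    legit = Request("POST", "/admin/tag/save", {**cookie, "Origin": SITE_ORIGIN},
                    {"name": "news", "_csrf": sess.csrf_token})
    forged = Request("POST", "/admin/tag/save", {**cookie, "Origin": "https://other.example"},
                     {"name": "news"})
    return csrf_check(legit, sess), csrf_check(forged, sess)
```

The forged request is rejected on the missing token before the origin is even consulted; a request that somehow carried a valid token but came from another origin would still be refused by the second check, which is why the two measures are layered.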

Responsible

VulDB

Disclosure

12/09/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00352

KEV

no

Activities

very low
