Submeter #590704: web jfinal_cms V5.0.1 Cross-Site Request Forgeryinformação

Títuloweb jfinal_cms V5.0.1 Cross-Site Request Forgery
DescriçãoDuring the security review of "jfinal_cms",I discovered a critical CSRF injection vulnerability in the "HOME.java" file. The logout method and others in the logout method do not impose restrictions on CSRF attacks, resulting in CSRF attacks
Fonte⚠️ https://github.com/webzzaa/CVE-/issues/3
Utilizador
 Tom132432 (UID 85670)
Submissão05/06/2025 12h36 (há 1 Ano)
Moderação15/06/2025 11h43 (10 days later)
EstadoAceite
Entrada VulDB312574 [jflyfox jfinal_cms 5.0.1 HOME.java Sair Falsificação de Pedido entre Sites]
Pontos17

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!