Description
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
Remediation
References
https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20column%20management.md
Related Vulnerabilities
CVE-2021-21428 Vulnerability in maven package org.openapitools:openapi-generator-online
CVE-2023-34396 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-33946 Vulnerability in maven package com.liferay.portal:release.portal.bom
CVE-2018-1000614 Vulnerability in maven package org.onosproject:onos-netconf-provider-alarm
CVE-2020-12265 Vulnerability in maven package org.webjars.npm:decompress-tar