Lucene search

GoogleOSV:CVE-2023-49375

HistoryDec 05, 2023 - 3:15 p.m.

CVE-2023-49375

2023-12-0515:15:07

Google

osv.dev

cve-2023-49375

cross-site request forgery

jfinalcms v5.0.0

admin

friend link

update

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.1%

JSON

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.

References

github.com/cui2shark/cms/blob/main/There%20is%20CSRF%20in%20the%20modification%20of%20the%20friendship%20link.md

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.1%

JSON

Related for OSV:CVE-2023-49375