The vulnerability manifests in the /admin/tag/delete endpoint, which handles tag deletion operations. While exact implementation details aren't provided, CSRF vulnerabilities typically occur when state-changing endpoints (1) don't require anti-CSRF tokens, (2) rely solely on session cookies for authentication, and (3) don't validate the request origin. The PoC demonstrates a working CSRF attack using a simple HTML form, indicating that CSRF protections are missing from the request handling mechanism. The core request handler (ActionHandler) would be responsible for executing controller actions like tag deletion without proper CSRF checks.
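The three checks listed above, written as a framework-independent guard in plain Java. This is an added example, not JFinal's code and not taken from the advisory; the class name `CsrfGuard`, its methods and the origin `https://admin.example.test` are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

public class CsrfGuard {
    // Assumption: the only origin allowed to send state-changing requests.
    private static final Set<String> TRUSTED_ORIGINS = Set.of("https://admin.example.test");
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    private static final SecureRandom RNG = new SecureRandom();

    /** Per-session token: store it server-side and embed it in every form. */
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /** Reduce an Origin or Referer value to scheme://host[:port]; null if unusable. */
    static String originOf(String header) {
        if (header == null || header.isBlank()) return null;
        try {
            URI u = URI.create(header.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            return u.getScheme() + "://" + u.getHost() + (u.getPort() == -1 ? "" : ":" + u.getPort());
        } catch (IllegalArgumentException e) {
            return null; // malformed header is treated as untrusted
        }
    }

    /** True only if the request may reach a state-changing action. */
    static boolean allow(String method, String origin, String referer,
                         String sessionToken, String submittedToken) {
        if (SAFE_METHODS.contains(method)) return true;
        String source = originOf(origin != null ? origin : referer);
        if (source == null || !TRUSTED_ORIGINS.contains(source)) return false;
        if (sessionToken == null || submittedToken == null) return false;
        return MessageDigest.isEqual(sessionToken.getBytes(StandardCharsets.UTF_8),
                                     submittedToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = newToken(); // constructed sample session token
        // Cross-site form post: the session cookie is present, token and origin are not.
        System.out.println(allow("POST", "https://other.example.test", null, token, null));
        // Same-origin form post carrying the session's token.
        System.out.println(allow("POST", "https://admin.example.test", null, token, token));
    }
}
```

The safe-method exemption only holds if the delete action itself rejects GET; otherwise the token and origin checks must apply to every method that reaches it.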
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.jfinal:jfinal | maven | <= 5.0.0 |