-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability manifests in the request handling chain for /admin/category/update. Key indicators: 1) The POC demonstrates successful exploitation via direct POST without CSRF tokens 2) JFinal's typical security pattern uses @Before interceptors for CSRF protection 3) The absence of patch information suggests missing security controls in the request processing flow. The combination of framework routing mechanisms (ActionHandler) and specific controller methods (CategoryController.update) create the vulnerability surface.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.jfinal:jfinal | maven | <= 5.0.0 |
Ongoing coverage of React2Shell