The vulnerability manifests in the endpoint /admin/category/save, which handles category management operations. CSRF vulnerabilities typically occur when state-changing endpoints lack anti-CSRF tokens or same-origin checks. The provided POC demonstrates a working CSRF exploit using a simple HTML form without any CSRF token, indicating that the endpoint does not validate request authenticity. In JFinal-based applications, controller methods handling POST requests would normally use @Before(CSRFInterceptor.class) for protection if implemented. The absence of such protection in this specific handler makes it vulnerable.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.jfinal:jfinal | maven | <= 5.0.0 | |