8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49446

GHSA ID

GHSA-hv4c-v8j8-54cw

EPSS Score

0.50082%

CWE

CWE-352

Published

12/5/2023

Updated

12/12/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-49446

CVE-2023-49446: Cross-Site Request Forgery in JFinalCMS via /admin/nav/save

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49446

GHSA ID

GHSA-hv4c-v8j8-54cw

EPSS Score

0.50082%

CWE

CWE-352

Published

12/5/2023

Updated

12/12/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.jfinal:jfinal	maven	<= 5.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

J*in*l*MS v*.*.* w*s *is*ov*r** to *ont*in * *ross-Sit* R*qu*st *or**ry (*SR*) vuln*r**ility vi* /**min/n*v/s*v*.

Reasoning

No *n*lysis *v*il**l*

8.8

Basic Information

Concerned about an active attack path?

CVE-2023-49446: Cross-Site Request Forgery in JFinalCMS via /admin/nav/save

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI