Description
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
Remediation
References
https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md
Related Vulnerabilities
CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2022-25766 Vulnerability in npm package ungit
CVE-2021-33611 Vulnerability in maven package org.webjars.bowergithub.vaadin:vaadin-menu-bar
CVE-2022-25904 Vulnerability in npm package safe-eval
CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project