Description
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
Remediation
References
https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md
Related Vulnerabilities
CVE-2023-37899 Vulnerability in npm package @feathersjs/transport-commons
CVE-2020-7707 Vulnerability in npm package property-expr
CVE-2018-18854 Vulnerability in maven package io.spray:spray-json
CVE-2023-29519 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2021-23356 Vulnerability in npm package kill-process-by-name