CVE-2023-49378

8.8 HIGH

📋 TL;DR

JFinalCMS v5.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/form/save endpoint that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all users running the vulnerable version who have administrative access. Attackers can exploit this to modify system configurations or create malicious content.

💻 Affected Systems

Products:
  • JFinalCMS
Versions: v5.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with administrative access enabled and the vulnerable endpoint accessible.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through administrative account takeover, allowing attackers to modify all CMS content, inject malicious code, or reconfigure the entire system.

🟠

Likely Case

Unauthorized creation or modification of custom forms and tables, potentially leading to data manipulation, content injection, or privilege escalation.

🟢

If Mitigated

Limited impact with proper CSRF protections, though administrative actions could still be performed if other vulnerabilities exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated as an administrator and visit a malicious page while logged in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

  • Add CSRF token validation to the /admin/form/save endpoint
  • Modify the save form handler to require and validate CSRF tokens

Restrict Admin Access

all

  • Limit administrative access to trusted networks only
  • Configure firewall rules to restrict /admin/* endpoints to internal IPs
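The "Implement CSRF Tokens" workaround above, shown as an added example (not JFinalCMS code and not from the advisory). It assumes JFinalCMS runs on JFinal's Interceptor API with the javax servlet package, that the token is kept in the HTTP session, and that the admin form posts it in a hidden field named `_csrf`; all of those names are assumptions.

```java
// Added example: synchronizer-token CSRF check for a JFinal controller action.
// Assumptions (not from the advisory): JFinal Interceptor API, javax servlet,
// token stored in the session, form field named "_csrf".
import com.jfinal.aop.Interceptor;
import com.jfinal.aop.Invocation;
import com.jfinal.core.Controller;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpSession;

public class CsrfTokenInterceptor implements Interceptor {
    public static final String SESSION_KEY = "csrfToken";   // assumed name
    public static final String PARAM_NAME = "_csrf";        // assumed field
    private static final SecureRandom RANDOM = new SecureRandom();

    // Issue one random token per session; the admin form template renders it
    // as <input type="hidden" name="_csrf" value="...">.
    public static String tokenFor(HttpSession session) {
        String token = (String) session.getAttribute(SESSION_KEY);
        if (token == null) {
            byte[] buf = new byte[32];
            RANDOM.nextBytes(buf);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
            session.setAttribute(SESSION_KEY, token);
        }
        return token;
    }

    // Block any state-changing request whose token is missing or wrong, so a
    // forged cross-site POST to /admin/form/save never reaches the handler.
    @Override
    public void intercept(Invocation inv) {
        Controller c = inv.getController();
        String method = c.getRequest().getMethod();
        if ("GET".equals(method) || "HEAD".equals(method)) {
            inv.invoke();   // safe methods do not change state; no token needed
            return;
        }
        String expected = (String) c.getSession().getAttribute(SESSION_KEY);
        String submitted = c.getPara(PARAM_NAME);
        if (expected == null || submitted == null
                || !MessageDigest.isEqual(expected.getBytes(), submitted.getBytes())) {
            c.renderError(403);   // constant-time compare; reject and stop here
            return;
        }
        inv.invoke();
    }
}
```

Register the interceptor on the form-save action with `@Before(CsrfTokenInterceptor.class)` or globally in `configInterceptor`, and make sure the save handler only accepts POST so the GET bypass above cannot reach it.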

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Require re-authentication for sensitive administrative actions

🔍 How to Verify

Check if Vulnerable:

Check if JFinalCMS version is 5.0.0 and the /admin/form/save endpoint lacks CSRF protection

Check Version:

Check CMS configuration files or admin panel for version information

Verify Fix Applied:

Test that /admin/form/save endpoint now requires and validates CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /admin/form/save from different sessions
  • Unusual form creation/modification activity

Network Indicators:

  • CSRF attack patterns in web traffic
  • Malicious requests originating from external sites

SIEM Query:

source="web_logs" AND uri="/admin/form/save" AND method="POST" AND NOT referer CONTAINS "your-domain.com"
