CVE-2023-49446

8.8 HIGH

📋 TL;DR

JFinalCMS v5.0.0 contains a CSRF vulnerability in the navigation management area that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all JFinalCMS v5.0.0 installations with admin panel access. Attackers can modify navigation settings without the admin's knowledge.

💻 Affected Systems

Products:
  • JFinalCMS
Versions: v5.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with admin panel accessible and where administrators can be tricked into visiting malicious pages while authenticated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could completely compromise the CMS by modifying navigation to redirect users to malicious sites, injecting malicious content, or altering the site structure to facilitate further attacks.

🟠 Likely Case

Attackers modify navigation links to redirect users to phishing sites or inject malicious scripts, potentially compromising user data and site integrity.

🟢 If Mitigated

With proper CSRF protections, no unauthorized navigation modifications can occur through this endpoint.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks require the victim to be authenticated as an administrator and visit a malicious page. The exploit is straightforward once the malicious page is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Implement CSRF tokens in the /admin/nav/save endpoint following secure coding practices.

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add CSRF token validation to the /admin/nav/save endpoint. Modify the JFinalCMS source code to include CSRF token generation and validation for the navigation management forms.

Restrict Admin Access (applies to: all)

Limit admin panel access to trusted networks only. Configure firewall rules so that /admin paths are reachable from internal IP addresses only.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Require re-authentication for sensitive administrative actions like navigation modifications

🔍 How to Verify

Check if Vulnerable:

Check whether the JFinalCMS version is 5.0.0 and whether the /admin/nav/save endpoint lacks CSRF token validation.

Check Version:

Check JFinalCMS configuration files or admin panel for version information

Verify Fix Applied:

Test that navigation modification requests without valid CSRF tokens are rejected

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed POST requests to /admin/nav/save from different sessions
  • Navigation modifications from unexpected IP addresses

Network Indicators:

  • POST requests to /admin/nav/save without Referer header or with external Referer
  • Requests with suspicious parameters in navigation data

SIEM Query:

source="web_logs" AND uri="/admin/nav/save" AND method="POST" AND (NOT referer CONTAINS "yourdomain.com" OR referer="-")
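The SIEM query above, implemented over a few constructed combined-format access-log lines as an added example (not code from the page or from JFinalCMS). It flags POSTs to /admin/nav/save whose Referer is missing or points at a host outside the trusted domain; unlike the substring match in the query, it compares the Referer host exactly (or as a subdomain), so a lookalike host that merely contains the trusted name does not pass. The domain cms.example.com and all log lines are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache/nginx combined log format ("-" = no Referer).
# Not real JFinalCMS traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Jan/2024:10:01:02 +0000] "POST /admin/nav/save HTTP/1.1" 200 512 "https://cms.example.com/admin/nav/edit" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2024:10:02:14 +0000] "POST /admin/nav/save HTTP/1.1" 200 512 "http://evil.example.net/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2024:10:03:33 +0000] "POST /admin/nav/save HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Jan/2024:10:04:01 +0000] "GET /admin/nav/save HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Jan/2024:10:05:09 +0000] "POST /admin/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

# Combined log format: ip ident user [ts] "METHOD uri proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def referer_is_trusted(referer, trusted_domain):
    """True only if the Referer host is trusted_domain or one of its subdomains.

    An exact host comparison avoids the weakness of a substring test, which
    'cms.example.com.evil.net' would satisfy.
    """
    if referer in ("", "-"):
        return False
    host = urlparse(referer).hostname or ""
    return host == trusted_domain or host.endswith("." + trusted_domain)


def find_suspicious_nav_saves(lines, trusted_domain, uri="/admin/nav/save"):
    """Return (ip, referer) for POSTs to the endpoint with a missing or external Referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        if m["method"] != "POST" or m["uri"].split("?")[0] != uri:
            continue
        if not referer_is_trusted(m["referer"], trusted_domain):
            hits.append((m["ip"], m["referer"]))
    return hits


if __name__ == "__main__":
    for ip, ref in find_suspicious_nav_saves(SAMPLE_LOGS, "cms.example.com"):
        print(f"suspicious nav save from {ip}, referer={ref!r}")
```

A missing Referer can also be caused by browser privacy settings, so treat a hit as a lead to correlate with the session and the resulting navigation change rather than as proof of an attack.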
