
Li-Yu320

#15388 of 53,622
17.6 CVSS total
Vulnerabilities · 2
High
2
PT-2023-31187
8.8
2023-12-05
Jfinalcms · Jfinalcms · CVE-2023-49373
**Name of the Vulnerable Software and Affected Versions**
JFinalCMS version 5.0.0

**Description**
A Cross-Site Request Forgery (CSRF) issue was discovered in JFinalCMS. The issue is related to the `/admin/slide/delete` API endpoint. This allows for unauthorized actions to be performed on the application.

**Recommendations**
For JFinalCMS version 5.0.0, as a temporary workaround, consider restricting access to the `/admin/slide/delete` API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-31188
8.8
2023-12-05
Jfinalcms · Jfinalcms · CVE-2023-49374
**Name of the Vulnerable Software and Affected Versions**
JFinalCMS version 5.0.0

**Description**
A Cross-Site Request Forgery (CSRF) issue was found in JFinalCMS via the `/admin/slide/update` API endpoint. This allows an attacker to perform unauthorized actions on the system.

**Recommendations**
For JFinalCMS version 5.0.0, as a temporary workaround, consider restricting access to the `/admin/slide/update` API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.