PT-2023-21018 · Jizhicms · Jizhicms

1Y0Ngo · Published 2023-03-15 · Updated 2023-03-20 · CVE-2023-27234

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Jizhicms version 2.4.5

Description

A Cross-Site Request Forgery (CSRF) issue in the /Sys/index.html endpoint of the application allows attackers to make arbitrary configuration changes within the application. This can be exploited by attackers to modify settings without proper authorization.

Recommendations

For Jizhicms version 2.4.5, as a temporary workaround, consider implementing additional validation for requests to the /Sys/index.html endpoint to prevent unauthorized configuration changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
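
One shape the "additional validation" above could take, as an added example that is not Jizhicms code or part of the advisory: a PHP guard that refuses state-changing requests to /Sys/index.html unless they come from the site's own origin and carry a session-bound token. The function names, the csrf_token field and session key, the trusted-origin value and the assumption that settings are saved with POST are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not Jizhicms code. Function names, the 'csrf_token' field and
// session key, and the trusted origin are assumptions made for illustration.
const GUARDED_PATH = '/Sys/index.html'; // endpoint named in the advisory

/** Issue (or reuse) the per-session token to embed in the settings form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** $server, $post, $session mirror $_SERVER, $_POST, $_SESSION. */
function csrf_request_allowed(array $server, array $post, array $session, string $trustedOrigin): bool
{
    $path = (string) parse_url($server['REQUEST_URI'] ?? '', PHP_URL_PATH);
    $guarded = strcasecmp((string) substr($path, -strlen(GUARDED_PATH)), GUARDED_PATH) === 0;
    $method = strtoupper($server['REQUEST_METHOD'] ?? 'GET');
    // Assumption: settings are saved with a non-safe method such as POST.
    if (!$guarded || in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // 1. Same-origin check: prefer Origin, fall back to the Referer's origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin === null && isset($server['HTTP_REFERER'])) {
        $r = parse_url($server['HTTP_REFERER']);
        if (is_array($r) && isset($r['scheme'], $r['host'])) {
            $origin = $r['scheme'] . '://' . $r['host'] . (isset($r['port']) ? ':' . $r['port'] : '');
        }
    }
    if ($origin === null || strcasecmp($origin, $trustedOrigin) !== 0) {
        return false; // missing or foreign origin
    }
    // 2. Session-bound token, compared in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed demo requests (hosts are placeholders).
$session = [];
$token = csrf_issue_token($session);
$forged = ['REQUEST_METHOD' => 'POST', 'REQUEST_URI' => '/Sys/index.html', 'HTTP_ORIGIN' => 'https://other.example'];
$legit = ['HTTP_ORIGIN' => 'https://cms.example'] + $forged;
var_dump(csrf_request_allowed($forged, [], $session, 'https://cms.example'));
var_dump(csrf_request_allowed($legit, ['csrf_token' => $token], $session, 'https://cms.example'));
```

In a deployment the guard would run before the settings handler, with the token from csrf_issue_token() rendered into the settings form as a hidden field.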

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-27234

Affected Products

Jizhicms