CVE-2024-12349

Name of the Vulnerable Software and Affected Versions JFinalCMS version 1.0

Description The issue is related to a cross-site request forgery (CSRF) vulnerability in the /admin/tag/save file of the JFinalCMS system. This vulnerability can be exploited remotely, allowing an attacker to perform a CSRF attack. The exploit has been disclosed to the public and may be used.

Recommendations For JFinalCMS version 1.0, as a temporary workaround, consider disabling access to the /admin/tag/save file until a patch is available. Restrict access to the administrative panel to minimize the risk of exploitation. Avoid using the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.