CVE-2024-12349— JFinalCMS save cross-site request forgery
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-12349
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JFinalCMS save cross-site request forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
JFinalCMS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JFinalCMS是heyewei个人开发者的一个内容管理系统。 JFinalCMS 1.0版本存在安全漏洞,该漏洞源于/admin/tag/save文件包含一个跨站请求伪造漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | JFinalCMS | 1.0 | - |
II. Public POCs for CVE-2024-12349
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-12349
Please Login to view more intelligence information
- Submit #456042: jwillber JFinalCMS 1 Cross-Site Request Forgerythird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-12349
Same Patch Batch · n/a · 2024-12-09 · 47 CVEs total
| CVE-2024-48956 | 9.8 CRITICAL | Serviceware Processes 安全漏洞 |
| CVE-2024-55579 | 8.8 HIGH | Qlik Sense 安全漏洞 |
| CVE-2024-55580 | 7.5 HIGH | Qlik Sense 安全漏洞 |
| CVE-2024-55566 | 6.6 MEDIUM | ColPack 安全漏洞 |
| CVE-2024-12350 | 6.3 MEDIUM | JFinalCMS Template TemplateController.java update command injection |
| CVE-2024-12351 | 6.3 MEDIUM | JFinalCMS File Content ContentModel.java findPage sql injection |
| CVE-2024-55582 | 5.7 MEDIUM | Oxide 安全漏洞 |
| CVE-2024-54936 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54923 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54927 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54938 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54933 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54925 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54926 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54931 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54922 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54932 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54934 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54921 | Kashipara E-learning Management System 安全漏洞 | |
| CVE-2024-54924 | Kashipara E-learning Management System 安全漏洞 |
Showing top 20 of 47 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: JFinalCMS
- CVE-2026-2200
heyewei JFinalCMS API Endpoint save cross site scripting - CVE-2024-12351
JFinalCMS File Content ContentModel.java findPage sql inject - CVE-2024-12350
JFinalCMS Template TemplateController.java update command in - CVE-2024-8782
JFinalCMS edit delete path traversal - CVE-2024-8706
JFinalCMS com.cms.util.TemplateUtils update path traversal
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
Same weakness: CWE-352
- CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions - CVE-2026-42190
RedwoodSDK: Same-site CSRF in in server actions - CVE-2026-5791
CSRF in DivvyDrive Information Technologies' DivvyDrive - CVE-2026-27415
WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery - CVE-2025-68604
WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request For
V. Comments for CVE-2024-12349
No comments yet