nightcloudos - Security Researcher - Exploit Intelligence Platform

CVE-2023-3578 WRITEUP MEDIUM WRITEUP

dedecms 5.7.109 - Server-Side Request Forgery via co_do.php rssurl Parameter

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233371.

CVSS 5.5

View Code

CVE-2023-49395 WRITEUP HIGH WORKING POC

JFinalCMS 5.0.0 - Cross-Site Request Forgery via /admin/category/update

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

CVSS 8.8

View Code

CVE-2023-49396 WRITEUP HIGH WORKING POC

JFinalCMS 5.0.0 - Cross-Site Request Forgery via /admin/category/save

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

CVSS 8.8

View Code

CVE-2023-49397 WRITEUP HIGH WORKING POC

JFinalCMS 5.0.0 - Cross-Site Request Forgery via /admin/category/updateStatus

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

CVSS 8.8

View Code

CVE-2023-49398 WRITEUP HIGH WORKING POC

JFinalCMS 5.0.0 - Cross-Site Request Forgery via Column Management Delete Endpoint

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.

CVSS 8.8

View Code