zj1983 zz Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in zj1983 zz versions prior to August 2024. It affects an unspecified functionality and can be exploited by remote attackers, potentially leading to unauthorized actions being performed on behalf of the user.

Impact

Exploitation of this vulnerability allows for cross-site request forgery, where an attacker can trick a user into performing actions they did not intend to perform.

Reproduction

To reproduce this vulnerability, deploy the proof of concept (PoC) on the server. Then, simulate an administrator by clicking on 'Authority Management', selecting 'Add Role', and then clicking 'Add Role' again. This action will generate a CSRF verification script that can be captured and used to exploit the vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.