Windu CMS Cross-Site Request Forgery Vulnerability in File Uploading Functionality

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Windu CMS version 4.1, allowing attackers to upload malicious files to the server. This issue arises because the CSRF protection mechanism can be bypassed by using a token from another user. While the vendor was notified about this vulnerability, no details regarding the affected version range were provided. Only version 4.1 has been tested and confirmed as vulnerable, leaving the status of other versions uncertain.

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery attacks, where an attacker can trick a user into uploading a malicious file to the server.
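A minimal model of the flaw described above beside a session-bound fix, as an added example that is not Windu CMS code and not part of the original advisory. All names are hypothetical, and the weak check is assumed to accept any token the server has issued, whichever user it was issued to.

```python
import hashlib
import hmac
import secrets

# Constructed model, not Windu CMS code: every name below is hypothetical.
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients
ISSUED_TOKENS = set()                 # weak design: one shared pool of valid tokens


def issue_token_weak() -> str:
    """Weak: the token is random but not tied to the session that requested it."""
    token = secrets.token_hex(16)
    ISSUED_TOKENS.add(token)
    return token


def check_token_weak(session_id: str, token: str) -> bool:
    """Weak: session_id is ignored, so a token issued to another user passes."""
    return token in ISSUED_TOKENS


def issue_token_bound(session_id: str) -> str:
    """Hardened: HMAC over the session ID, so the token only fits that session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_token_bound(session_id: str, token: str) -> bool:
    """Hardened: recompute for the requesting session, compare in constant time."""
    if not session_id or not token:
        return False
    expected = issue_token_bound(session_id)
    return hmac.compare_digest(expected.encode(), token.encode())


def handle_upload(session_id: str, token: str, check) -> str:
    """Gate for the upload handler: reject before the file is processed."""
    return "accepted" if check(session_id, token) else "rejected: bad CSRF token"


if __name__ == "__main__":
    # Constructed session identifiers for two different users.
    admin, other = "sess-admin-constructed", "sess-other-constructed"
    foreign_weak = issue_token_weak()          # token handed to `other`
    foreign_bound = issue_token_bound(other)   # token handed to `other`
    print(handle_upload(admin, foreign_weak, check_token_weak))
    print(handle_upload(admin, foreign_bound, check_token_bound))
    print(handle_upload(admin, issue_token_bound(admin), check_token_bound))
```

The bound token here is deterministic per session; a production scheme would normally also mix in a random or time-based value so tokens can be rotated.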

Added: Nov 18, 2025, 3:22 PM
Updated: Nov 18, 2025, 3:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.3
exploitability: 6.5
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.