{"id":6889,"date":"2025-06-16T00:01:45","date_gmt":"2025-06-16T00:01:45","guid":{"rendered":"http:\/\/localhost\/?p=6889"},"modified":"2025-06-16T00:01:45","modified_gmt":"2025-06-16T00:01:45","slug":"wukongopensource-wukongcrm-adminrolecontrollerjava-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6889","title":{"rendered":"WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nWuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-16T04:31:04.416Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nWuKongOpenSource<\/td>\n<\/tr>\n
Product<\/th>\nWukongCRM<\/td>\n<\/tr>\n
Version<\/th>\n9.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site request forgery (CSRF) vulnerability exists in WuKongOpenSource WukongCRM 9.0, specifically in the AdminRoleController.java file. This allows remote attackers to perform unauthorized actions on behalf of authenticated users. The vulnerability has been publicly disclosed and may be exploited.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nWuKongOpenSource<\/td>\n<\/tr>\n
Product<\/th>\nWukongCRM<\/td>\n<\/tr>\n
Affected Version<\/th>\n9.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n