CVE-2021-29334 is a high-severity vulnerability identified in JIZHI CMS version 1.9.4. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw that allows an attacker to add an administrative account through the endpoint /admin.php/Admin/adminadd.html without requiring prior authentication. CSRF vulnerabilities occur when a web application does not properly verify that requests made to it originate from an authenticated and authorized user. In this case, the attacker can craft a malicious request that, when executed by an authenticated user or via social engineering, results in the creation of a new admin user account. This new account would have full administrative privileges, enabling the attacker to take complete control over the CMS, including modifying content, altering configurations, or deploying further malicious payloads. The CVSS 3.1 base score of 8.8 reflects the critical nature of this vulnerability, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), indicating that exploitation can lead to full compromise of the affected system. Although no public exploits are currently known in the wild, the vulnerability's characteristics make it a significant risk, especially for organizations relying on JIZHI CMS for their web presence. The lack of available patches or vendor-provided fixes further exacerbates the threat landscape for affected users.

For European organizations using JIZHI CMS 1.9.4, this vulnerability poses a severe risk. Successful exploitation can lead to unauthorized administrative access, enabling attackers to manipulate website content, steal sensitive data, disrupt services, or use the compromised CMS as a foothold for lateral movement within the network. This can result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), financial losses, and operational downtime. Given the high integrity and availability impact, critical business functions relying on the CMS could be disrupted. Additionally, attackers could leverage the compromised CMS to distribute malware or conduct phishing campaigns targeting European users. The requirement for user interaction means that social engineering or phishing could facilitate exploitation, increasing the attack surface. Organizations in sectors such as government, finance, healthcare, and media, which often rely on CMS platforms for public-facing websites, are particularly at risk due to the potential exposure of sensitive information and the criticality of their online services.

1. Immediate mitigation involves restricting access to the /admin.php/Admin/adminadd.html endpoint via network-level controls such as IP whitelisting or web application firewalls (WAFs) to prevent unauthorized requests. 2. Implement CSRF tokens and verify the origin of all administrative requests to ensure they originate from legitimate users and sessions. 3. Enforce multi-factor authentication (MFA) for all administrative accounts to reduce the risk of unauthorized access even if an account is created maliciously. 4. Conduct thorough audits of existing admin accounts to detect any unauthorized additions and remove suspicious accounts promptly. 5. Monitor web server and application logs for unusual activity related to admin account creation or access patterns. 6. If possible, upgrade to a newer, patched version of JIZHI CMS once available or consider migrating to a more secure CMS platform. 7. Educate users and administrators about phishing and social engineering risks to reduce the likelihood of user interaction facilitating exploitation. 8. Deploy runtime application self-protection (RASP) tools to detect and block CSRF and other web-based attacks in real-time.