CVE-2021-29334: n/a in n/a
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
AI Analysis
Technical Summary
CVE-2021-29334 is a high-severity vulnerability in JIZHI CMS version 1.9.4. It is a Cross-Site Request Forgery (CSRF) flaw that allows an attacker to add an administrative account through the endpoint /admin.php/Admin/adminadd.html without holding any privileges on the CMS. CSRF vulnerabilities occur when a web application does not verify that a state-changing request was intentionally issued by the authenticated, authorized user whose session it arrives with. In this case, the attacker crafts a malicious request that, when an authenticated user is induced to send it (for example through social engineering), creates a new admin user account. The new account has full administrative privileges, giving the attacker complete control over the CMS, including modifying content, altering configurations, or deploying further malicious payloads. The CVSS 3.1 base score of 8.8 reflects this severity: the attack vector is network (AV:N), attack complexity is low (AC:L), and no privileges are required (PR:N), but user interaction is required (UI:R). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning exploitation can lead to full compromise of the affected system. Although no public exploits are currently known in the wild, these characteristics make the vulnerability a significant risk, especially for organizations relying on JIZHI CMS for their web presence. The lack of available patches or vendor-provided fixes further increases the exposure of affected users.
Potential Impact
For European organizations using JIZHI CMS 1.9.4, this vulnerability poses a severe risk. Successful exploitation can lead to unauthorized administrative access, enabling attackers to manipulate website content, steal sensitive data, disrupt services, or use the compromised CMS as a foothold for lateral movement within the network. This can result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), financial losses, and operational downtime. Given the high integrity and availability impact, critical business functions relying on the CMS could be disrupted. Additionally, attackers could leverage the compromised CMS to distribute malware or conduct phishing campaigns targeting European users. The requirement for user interaction means that social engineering or phishing could facilitate exploitation, increasing the attack surface. Organizations in sectors such as government, finance, healthcare, and media, which often rely on CMS platforms for public-facing websites, are particularly at risk due to the potential exposure of sensitive information and the criticality of their online services.
Mitigation Recommendations
1. Immediate mitigation involves restricting access to the /admin.php/Admin/adminadd.html endpoint via network-level controls such as IP whitelisting or web application firewalls (WAFs) to prevent unauthorized requests.
2. Implement CSRF tokens and verify the origin of all administrative requests to ensure they originate from legitimate users and sessions.
3. Enforce multi-factor authentication (MFA) for all administrative accounts to reduce the risk of unauthorized access even if an account is created maliciously.
4. Conduct thorough audits of existing admin accounts to detect any unauthorized additions and remove suspicious accounts promptly.
5. Monitor web server and application logs for unusual activity related to admin account creation or access patterns.
6. If possible, upgrade to a newer, patched version of JIZHI CMS once available or consider migrating to a more secure CMS platform.
7. Educate users and administrators about phishing and social engineering risks to reduce the likelihood of user interaction facilitating exploitation.
8. Deploy runtime application self-protection (RASP) tools to detect and block CSRF and other web-based attacks in real time.
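One way to carry out the log monitoring in recommendation 5, as an added example that is not part of the original advisory or of JIZHI CMS: it flags POSTs to the admin-add endpoint whose Referer is missing or names a different host. It assumes Apache/nginx combined-format access logs, that the form is submitted by POST, and the placeholder hostname cms.example.org; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the advisory.
ADMIN_ADD_PATH = "/admin.php/Admin/adminadd.html"
# Apache/nginx "combined" log format (assumption; adapt to your server).
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)


def referer_verdict(referer, site_host):
    """Classify a Referer by exact host match, never by substring."""
    if referer in ("", "-"):
        return "missing"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == site_host.lower() else "cross-site"


def find_suspect_admin_adds(lines, site_host):
    """Return POSTs to the admin-add endpoint not referred from site_host."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["method"] != "POST":  # assumption: form uses POST
            continue
        if urlsplit(m["target"]).path.lower() != ADMIN_ADD_PATH.lower():
            continue
        verdict = referer_verdict(m["referer"], site_host)
        if verdict != "same-site":
            hits.append({"time": m["time"], "ip": m["ip"],
                         "status": int(m["status"]), "referer": verdict})
    return hits


# Constructed sample lines (not real traffic); all hosts are placeholders.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "POST /admin.php/Admin/adminadd.html HTTP/1.1" 200 512 "https://cms.example.org/admin.php/Admin/adminadd.html" "Mozilla/5.0"',
    '203.0.113.20 - - [01/Jan/2025:10:05:00 +0000] "POST /admin.php/Admin/adminadd.html HTTP/1.1" 200 512 "https://blog.example.net/post.html" "Mozilla/5.0"',
    '203.0.113.30 - - [01/Jan/2025:10:06:00 +0000] "POST /admin.php/Admin/adminadd.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.40 - - [01/Jan/2025:10:07:00 +0000] "POST /admin.php/Admin/adminadd.html HTTP/1.1" 200 512 "https://cms.example.org.lookalike.example/x" "Mozilla/5.0"',
    '203.0.113.50 - - [01/Jan/2025:10:08:00 +0000] "GET /admin.php/Admin/adminadd.html HTTP/1.1" 200 2048 "https://blog.example.net/post.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_admin_adds(SAMPLE_LOG, "cms.example.org"):
        print(hit)
```

Each hit is a lead to reconcile against the admin account audit in recommendation 4, since some browsers and privacy tools strip the Referer header on legitimate requests.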
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2021-03-29T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983cc4522896dcbeea9b
Added to database: 5/21/2025, 9:09:16 AM
Last enriched: 6/22/2025, 12:49:43 PM
Last updated: 8/10/2025, 4:50:51 AM