Description
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0.
Published: 2026-05-27
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross‑site request forgery flaw is present in the delete.php endpoint of Jason2605 AdminPanel 4.0. The vulnerability allows an attacker to trigger delete operations from a victim’s browser without the victim’s explicit consent. The description does not disclose what data or resources are removed, so the potential impact depends on the functionality of the delete.php endpoint.

Affected Systems

The flaw affects Jason2605 AdminPanel, version 4.0. No other versions or vendors are identified as impacted.

Risk and Exploitability

The CVSS score of 6.3 reflects a moderate level of severity, and the EPSS score is currently unavailable; the flaw is not listed in CISA's KEV catalog. Attackers can exploit the vulnerable endpoint by sending a crafted HTTP request from a malicious site, and the delete.php endpoint can be invoked via a simple request (this is inferred from typical CSRF behavior). The description does not specify authentication requirements, so it is unclear whether the endpoint requires administrative credentials or can be accessed anonymously. The lack of a KEV listing suggests no known exploitation at the time of this analysis, yet CSRF flaws that impact deletion actions remain a notable risk.

Generated by OpenCVE AI on May 27, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch or upgrade to a fixed release of Jason2605 AdminPanel.
  • Add a synchronizer token to the delete.php request and verify the token on the server side.
  • Validate the Origin and Referer headers to accept requests only from trusted domains.
  • Require explicit confirmation or an additional authentication step before performing deletion actions.
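
The synchronizer-token and Origin/Referer checks recommended above can be combined into one guard at the top of a state-changing PHP endpoint. This is an added example, not AdminPanel's own code. It assumes session-based login, a hidden form field named `csrf_token`, and a placeholder origin `https://admin.example.test`. The endpoint's actual delete logic is not shown because the page does not describe it.

```php
<?php
// Added example: CSRF guard for a state-changing endpoint such as delete.php.
// Assumed (not from AdminPanel): session login, "csrf_token" form field, TRUSTED_ORIGIN.
declare(strict_types=1);
const TRUSTED_ORIGIN = 'https://admin.example.test'; // placeholder, lowercase
session_start();

/** Return the per-session token, creating it on first use (embed it in the form). */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Reduce an Origin or Referer value to scheme://host[:port]; null if unparseable. */
function origin_of(string $url): ?string
{
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $port = isset($p['port']) ? ':' . $p['port'] : '';
    return strtolower($p['scheme'] . '://' . $p['host']) . $port;
}

/** True only for a POST from the trusted origin that carries the session's token. */
function csrf_request_is_valid(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // state changes must not be reachable through GET
    }
    // Prefer Origin, fall back to Referer, reject when neither is usable.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if (origin_of($source) !== TRUSTED_ORIGIN) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

if (!csrf_request_is_valid($_SERVER, $_POST, $_SESSION)) {
    http_response_code(403);
    exit('Request rejected');
}
// ... the endpoint's existing delete logic runs only past this point ...
```

The form that submits to the endpoint would emit `csrf_token()` in a hidden field; setting the session cookie's `SameSite` attribute is a complementary control, not a replacement for the token check.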



Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jason2605; Jason2605 adminpanel
Vendors & Products | | Jason2605; Jason2605 adminpanel

Wed, 27 May 2026 23:00:00 +0000

Type | Values Removed | Values Added
Title | | CSRF Vulnerability in Delete Endpoint of Jason2605 AdminPanel 4.0

Wed, 27 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-352
Metrics | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-27T18:25:15.116Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30498

Vulnrichment

Updated: 2026-05-27T18:25:03.725Z

NVD

Status: Deferred

Published: 2026-05-27T15:16:25.757

Modified: 2026-05-27T20:00:46.020

Link: CVE-2026-30498

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T21:22:30Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)