A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows malicious users to arbitrarily make configuration changes within the application.
jizhicms jizhicms 2.4.5