CVE-2020-23960
HIGH 8.8
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator: (1) mass-approve user comments, (2) restore a deleted user, (3) install or run modules, (4) reset the analytics, (5) ping the mailmotor API, (6) upload things to the media library, (7) export locale.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 1/11/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
fork-cms:fork_cms
Weaknesses (CWE)
CWE-352
References
https://github.com/forkcms/forkcms/pull/3123 (cve@mitre.org)
https://www.fork-cms.com/blog/detail/fork-5.8.3-released (cve@mitre.org)
https://github.com/forkcms/forkcms/pull/3123 (af854a3a-2127-422b-91ae-364da2661108)
https://www.fork-cms.com/blog/detail/fork-5.8.3-released (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.