CVE-2017-20062

Exploit

EPSS 0.14%
Veröffentlicht 20.06.2022 05:15:07
Zuletzt bearbeitet 21.11.2024 03:22:33
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elefantcms ≫ Elefant Cms Version1.3.12 Updaterc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.346

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cna@vuldb.com	5	1.6	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://seclists.org/fulldisclosure/2017/Feb/37

Third Party Advisory

Exploit

Mailing List

https://vuldb.com/?id.97259

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-20062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-20062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-20062

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-20062