CVE-2020-23960

EPSS 0.21%
Veröffentlicht 11.01.2021 16:15:14
Zuletzt bearbeitet 21.11.2024 05:14:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fork-cms ≫ Fork Cms Version < 5.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.397

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/forkcms/forkcms/pull/3123

Patch

Third Party Advisory

https://www.fork-cms.com/blog/detail/fork-5.8.3-released

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-23960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-23960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-23960

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-23960