CVE-2025-55744

Exploit

EPSS 0.14%
Veröffentlicht 21.08.2025 15:51:43
Zuletzt bearbeitet 22.08.2025 21:52:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

UnoPim vulnerable to CSRF on Product edit feature and creation of other types

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webkul ≫ Unopim Version < 0.2.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
security-advisories@github.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw

Vendor Advisory

Exploit

https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-55744

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55744

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55744

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55744