exploitDog

GHSA-3r8m-hxrx-mrr4

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).

Ссылки

EPSS

Процентиль: 41%

0.00194

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-36140

CVSS3: 6.5

nvd

больше 4 лет назад

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).

EPSS

Процентиль: 41%

0.00194

Низкий

CVE ID

Дефекты

CWE-352