exploitDog

GHSA-63f8-cmv9-r78g

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.

Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.

Ссылки

EPSS

Процентиль: 71%

0.00675

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2010-3026

nvd

больше 15 лет назад

Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.

EPSS

Процентиль: 71%

0.00675

Низкий

CVE ID

Дефекты

CWE-352