exploitDog

GHSA-9cgv-2g5m-v85j

Опубликовано: 16 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

Ссылки

EPSS

Процентиль: 33%

0.00131

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-43275

CVSS3: 8.8

nvd

около 2 лет назад

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

EPSS

Процентиль: 33%

0.00131

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352