exploitDog

GHSA-fjw5-gg3p-qgcr

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.

Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.

Ссылки

EPSS

Процентиль: 32%

0.00126

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2008-6480

nvd

почти 17 лет назад

Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.

EPSS

Процентиль: 32%

0.00126

Низкий

CVE ID

Дефекты

CWE-352