exploitDog

GHSA-p4pv-7942-p3fc

Опубликовано: 25 апр. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.

Ссылки

EPSS

Процентиль: 57%

0.00357

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-26841

CVSS3: 6.5

nvd

почти 3 года назад

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.

EPSS

Процентиль: 57%

0.00357

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352