exploitDog

GHSA-vjjh-5286-68ch

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.

Ссылки

EPSS

Процентиль: 34%

0.00138

Низкий

CVE ID

Связанные уязвимости

CVE-2020-26802

CVSS3: 8.8

nvd

больше 5 лет назад

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.

EPSS

Процентиль: 34%

0.00138

Низкий

CVE ID