exploitDog

GHSA-xmq9-qw99-3695

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.

Ссылки

EPSS

Процентиль: 35%

0.00141

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2019-19685

CVSS3: 8.8

nvd

около 6 лет назад

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.

EPSS

Процентиль: 35%

0.00141

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352