CVE-2018-8814

Опубликовано: 04 апр. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 5.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.

Ссылки

https://docs.google.com/document/d/19X9j9lMVrH7VPhyMEdqidqgW4VBhXaFibuBDyiPxJjc/edit?usp=sharing
Exploit
Third Party Advisory
https://github.com/wolfcms/wolfcms/issues/671
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/44418/
Exploit
Third Party Advisory
VDB Entry
https://docs.google.com/document/d/19X9j9lMVrH7VPhyMEdqidqgW4VBhXaFibuBDyiPxJjc/edit?usp=sharing
Exploit
Third Party Advisory
https://github.com/wolfcms/wolfcms/issues/671
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/44418/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wolfcms:wolf_cms:0.8.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00147

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-4ffj-h795-6cf8