CVE-2021-29054

Опубликовано: 13 апр. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote).

Ссылки

https://github.com/raginx/security/blob/main/rADV-2021-01.txt
Third Party Advisory
https://packetstormsecurity.com/files/162077/Papoo-CMS-Cross-Site-Request-Forgery.html
Third Party Advisory
VDB Entry
https://www.papoo.de/achtung---sicherheitsfeature-bitte-aktivieren.html
Patch
Vendor Advisory
https://github.com/raginx/security/blob/main/rADV-2021-01.txt
Third Party Advisory
https://packetstormsecurity.com/files/162077/Papoo-CMS-Cross-Site-Request-Forgery.html
Third Party Advisory
VDB Entry
https://www.papoo.de/achtung---sicherheitsfeature-bitte-aktivieren.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:papoo:papoo:*:*:*:*:pro:*:*:*

Версия до 6.0.1 (включая)

cpe:2.3:a:papoo:papoo:*:*:*:*:light:*:*:*

Версия до 21.02 (включая)

EPSS

Процентиль: 48%

0.0025

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-4rrc-qjf7-pc45

github

больше 3 лет назад