Описание
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
Ссылки
- Product
- ExploitThird Party Advisory
- Exploit
- ExploitThird Party Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:arunna:arunna:1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00012
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.3
github
23 дня назад
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
EPSS
Процентиль: 1%
0.00012
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-352