Описание
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
EPSS
Процентиль: 4%
0.00019
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.3
debian
23 дня назад
b2evolution 7.2.2 contains a cross-site request forgery vulnerability ...
CVSS3: 5.3
github
23 дня назад
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
EPSS
Процентиль: 4%
0.00019
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-352