Lucene search
HistoryFeb 03, 2023 - 6:15 p.m.
CVE-2021-36569
cve-2021-36569
cross site request forgery
csrf
fuel-cms
remote code execution
security vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.7%
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
Affected configurations
Node
thedaylightstudiofuel_cmsMatch1.4.13
| CPE | Name | Operator | Version |
|---|---|---|---|
| thedaylightstudio:fuel_cms | thedaylightstudio fuel cms | eq | 1.4.13 |
Related
prion
prion
Cross site request forgery (csrf)
2023-02-03 18:15:00
nvd
nvd
CVE-2021-36569
2023-02-03 18:15:11
cvelist
cvelist
CVE-2021-36569
2023-02-03 00:00:00
osv
osv
CVE-2021-36569
2023-02-03 18:15:11
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.7%
Related for CVE-2021-36569