Lucene search

[email protected]CVE-2022-25576

HistoryMar 24, 2022 - 11:15 p.m.

CVE-2022-25576

2022-03-2423:15:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-25576

anchor cms

v0.12.7

cross-site request forgery

csrf

component

anchor

routes

posts.php

vulnerability

post deletion

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.

Affected configurations

NVD

Node

anchorcmsanchor_cmsMatch0.12.7

CPENameOperatorVersion
anchorcms:anchor_cmsanchorcms anchor cmseq0.12.7

CPE	Name	Operator	Version
anchorcms:anchor_cms	anchorcms anchor cms	eq	0.12.7

References

github.com/anchorcms/anchor-cms

github.com/butterflyhack/anchorcms-0.12.7-CSRF

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

Related for CVE-2022-25576

osv2 github1 gitlab1 cvelist1 nvd1 veracode1 prion1