Lucene search

K
cveMitreCVE-2023-26840
HistoryApr 25, 2023 - 1:15 p.m.

CVE-2023-26840

2023-04-2513:15:09
CWE-352
mitre
web.nvd.nist.gov
16
cve-2023-26840
csrf
vulnerability
churchcrm
nvd
security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

38.1%

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator.

Affected configurations

Nvd
Node
churchcrmchurchcrmMatch4.5.3
VendorProductVersionCPE
churchcrmchurchcrm4.5.3cpe:/a:churchcrm:churchcrm:4.5.3:::

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

38.1%

Related for CVE-2023-26840