Lucene search
GitHub Advisory DatabaseGHSA-4CW3-RHQX-VQWRHistoryJun 20, 2023 - 3:31 p.m.
GilaCMS Cross Site Request Forgery vulnerability
2023-06-2015:31:08
CWE-352
GitHub Advisory Database
github.com
2
gilacms
csrf
vulnerability
remote code execution
parameter
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.9%
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
Affected configurations
Node
gilacmsgila_cmsRange≤1.11.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| gilacms/gila | le | 1.11.4 |
Related
osv
osv
GilaCMS Cross Site Request Forgery vulnerability
2023-06-20 15:31:08
nvd
nvd
CVE-2020-20726
2023-06-20 15:15:10
cve
cve
CVE-2020-20726
2023-06-20 15:15:10
prion
prion
Cross site request forgery (csrf)
2023-06-20 15:15:00
cvelist
cvelist
CVE-2020-20726
2023-06-20 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-06-30 11:58:53
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.9%
Related for GHSA-4CW3-RHQX-VQWR