Cross-Site Request Forgery in forkcms

2021-06-2215:23:45

Google

osv.dev

0.001 Low

EPSS

Percentile

38.0%

JSON

Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.

CPENameOperatorVersion
forkcms/forkcmseq5.4.0
forkcms/forkcmseq4.5.0
forkcms/forkcmseq3.9.6
forkcms/forkcmseq3.8.0
forkcms/forkcmseq5.6.0
forkcms/forkcmseq4.2.3
forkcms/forkcmseq4.0.4
forkcms/forkcmseq5.0.0
forkcms/forkcmseq5.8.0
forkcms/forkcmseq4.2.1

Name	Operator	Version
forkcms/forkcms	eq	5.4.0
forkcms/forkcms	eq	4.5.0
forkcms/forkcms	eq	3.9.6
forkcms/forkcms	eq	3.8.0
forkcms/forkcms	eq	5.6.0
forkcms/forkcms	eq	4.2.3
forkcms/forkcms	eq	4.0.4
forkcms/forkcms	eq	5.0.0
forkcms/forkcms	eq	5.8.0
forkcms/forkcms	eq	4.2.1