Cross site request forgery (csrf)

2021-03-1519:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.2%

JSON

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).

CPENameOperatorVersion
grav_cmseq1.7.0 beta8
grav_cmseq1.7.0 beta9
grav_cmseq1.7.0 beta10
grav_cmseq1.7.0 rc1
grav_cmseq1.7.0 rc2
grav_cmseq1.7.0 rc3
grav_cmseq1.7.0 rc4
grav_cmseq1.7.0 rc5
grav_cmseq1.7.0 rc6
grav_cmseq1.7.0 rc7

Name	Operator	Version
grav_cms	eq	1.7.0 beta8
grav_cms	eq	1.7.0 beta9
grav_cms	eq	1.7.0 beta10
grav_cms	eq	1.7.0 rc1
grav_cms	eq	1.7.0 rc2
grav_cms	eq	1.7.0 rc3
grav_cms	eq	1.7.0 rc4
grav_cms	eq	1.7.0 rc5
grav_cms	eq	1.7.0 rc6
grav_cms	eq	1.7.0 rc7