Cross site request forgery (csrf)

2021-11-1609:15:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.

CPENameOperatorVersion
piranha_cmseq4.0.0
piranha_cmseq4.0.0 rc1
piranha_cmseq4.0.0 beta1
piranha_cmseq4.0.0 alpha1
piranha_cmseq4.0.0 alpha3
piranha_cmseq4.0.0 alpha4
piranha_cmseq4.0.0 alpha5
piranha_cmseq4.0.0 alpha6
piranha_cmseq4.0.0 alpha7
piranha_cmseq4.0.0 alpha8

Name	Operator	Version
piranha_cms	eq	4.0.0
piranha_cms	eq	4.0.0 rc1
piranha_cms	eq	4.0.0 beta1
piranha_cms	eq	4.0.0 alpha1
piranha_cms	eq	4.0.0 alpha3
piranha_cms	eq	4.0.0 alpha4
piranha_cms	eq	4.0.0 alpha5
piranha_cms	eq	4.0.0 alpha6
piranha_cms	eq	4.0.0 alpha7
piranha_cms	eq	4.0.0 alpha8