Cross site request forgery (csrf)

2023-04-2513:15:00

PRIOn knowledge base

www.prio-n.com

cross-site request forgery

churchcrm v4.5.3

attackers

set user

administrator

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator.

CPENameOperatorVersion
churchcrmeq4.5.3

CPE	Name	Operator	Version
	churchcrm	eq	4.5.3

References

github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26840

github.com/ChurchCRM/CRM