CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites

2024-08-0506:00:01

WPScan

github.com

himer

social questions

csrf vulnerability

invite mechanism

private groups

AI Score

6.9

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

The lacks CSRF checks allowing a user to invite any user to any group (including private groups)

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Himer",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.1.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:2code:himer:*:*:*:*:*:*:*:*"
    ],
    "vendor": "2code",
    "product": "himer",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.1.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]