CVE-2017-20062

Published: Jun 20, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Affected (1)

Products: Elefantcms: Elefant Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elefantcms Elefant Cms	Version 1.3.12 rc

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://seclists.org/fulldisclosure/2017/Feb/37

Source: cna@vuldb.com

ExploitMailing ListThird Party Advisory

https://vuldb.com/?id.97259

Source: cna@vuldb.com

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2017/Feb/37

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://vuldb.com/?id.97259

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.