CVE-2020-23960

Published: Jan 11, 2021Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.

Affected (1)

Products: Fork Cms: Fork Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fork Cms Fork Cms	Before 5.8.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/forkcms/forkcms/pull/3123

Source: cve@mitre.org

PatchThird Party Advisory

https://www.fork-cms.com/blog/detail/fork-5.8.3-released

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/forkcms/forkcms/pull/3123

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.fork-cms.com/blog/detail/fork-5.8.3-released

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.