← Back

CVE-2021-25976

nvd nist
Published: Nov 16, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.

Affected (12)

Dotnetfoundation
1 product
Piranha Cms
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Dotnetfoundation
Piranha Cms
From 4.0.1 to 9.2
Piranha Cms
Version 4.0.0
Piranha Cms
Version 4.0.0 alpha1
Piranha Cms
Version 4.0.0 alpha3
Piranha Cms
Version 4.0.0 alpha4
Piranha Cms
Version 4.0.0 alpha5
Piranha Cms
Version 4.0.0 alpha6
Piranha Cms
Version 4.0.0 alpha7
Piranha Cms
Version 4.0.0 alpha8
Piranha Cms
Version 4.0.0 alpha9
Piranha Cms
Version 4.0.0 beta1
Piranha Cms
Version 4.0.0 rc1

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: vulnerabilitylab@mend.io
PatchThird Party Advisory
Source: vulnerabilitylab@mend.io
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.