CVE-2020-18326
Published 2022-03-04
CVE-2020-18326: Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote…
Priority P347 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.23% (80.5th percentile)
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion | 0 – 4.2.1 | — |
| intelliants | subrion_cms | — | — |
CVSS provenance
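| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |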
OSV
Cross Site Request Forgery in intelliants/subrion
osv·2022-03-05
CVE-2020-18326 [HIGH] Cross Site Request Forgery in intelliants/subrion
GHSA
Cross Site Request Forgery in intelliants/subrion
ghsa·2022-03-05
CVE-2020-18326 [HIGH] CWE-352 Cross Site Request Forgery in intelliants/subrion
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-03-04