CVE-2020-23264Cross-Site Request Forgery in Fork CMS

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 70.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fork-cms Fork CMSForkcms
Timeline
PublishedMay 6
Latest updateJun 22

Description

Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Packagistforkcms/forkcms< 5.8.2
NVDfork-cms/fork_cms< 5.8.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
Cross-Site Request Forgery in forkcms2021-06-22
GHSA
Cross-Site Request Forgery in forkcms2021-06-22
CVE-2020-23264 — Cross-Site Request Forgery in Fork CMS | cvebase