CVE-2023-1722: Cross-Site Request Forgery in Class Registration System

Severity: 8.8 HIGH (NVD); 9.1 (CNA)
EPSS: 0.1% (top 76.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 24

Description

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

🔴 Vulnerability Details (2)

GHSA: GHSA-r7rj-r49c-jw49: Yoga Class Registration System version 1 (2023-06-24)
CVEList: Yoga Class Registration System 1.0 - ATO (2023-06-24)

📋 Vendor Advisories (3)

Microsoft: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (2023-05-09)
Microsoft: Microsoft Edge (Chromium-based) Spoofing Vulnerability (2023-04-11)
Microsoft: Microsoft Edge (Chromium-based) Tampering Vulnerability (2023-04-11)
CVE-2023-1722 — Cross-Site Request Forgery | cvebase