CVE-2023-27073

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oretnom23 Online Food Ordering System

Timeline

PublishedMar 14

Description

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDoretnom23/online_food_ordering_system1.0

🔴Vulnerability Details

CVEList

CVE-2023-27073: A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1↗2023-03-14

▶

GHSA

GHSA-gjmx-fc7p-8h6w: A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1↗2023-03-14

▶