Cross-Site Request Forgery in Anchor CMS · CVE-2024-29499 · GitHub Advisory Database · GitHub

Cross-Site Request Forgery in Anchor CMS

High severity GitHub Reviewed Published Mar 22, 2024 to the GitHub Advisory Database • Updated Mar 22, 2024

Package

anchorcms/anchor-cms (Composer)

Affected versions

<= 0.12.7

Patched versions

None

Description

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.

References

Published by the National Vulnerability Database

Mar 22, 2024

Published to the GitHub Advisory Database Mar 22, 2024

Reviewed Mar 22, 2024

Last updated Mar 22, 2024

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L