CVE-2020-20693

Description

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.

Affected packages (1)

• Packagist/gilacms/gilafrom 0, <= 1.11.4

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-20693
• PATCHhttps://github.com/GilaCMS/gila
• WEBhttps://github.com/GilaCMS/gila/issues/51