CVE-2020-25263

HIGH7.1EPSS 0.13%

PyroCMS Vulnerable to CSRF

發布日:2022/5/24修改日:2024/4/25

描述

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the `admin/addons/uninstall/anomaly.module.blocks` URI: an arbitrary plugin will be deleted.

受影響套件(1)

Packagist/pyrocms/pyrocmsfrom 0, <= 3.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25263
PATCHhttps://github.com/pyrocms/pyrocms
WEBhttps://gist.github.com/farid007/df51b0666643ec01d5571cbcc1e966e7