CVE-2021-47754
Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Productos afectados
Arunna · Arunna¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →