CVE-2021-33396

Name of the Vulnerable Software and Affected Versions baijiacms version 4.1.4

Description The issue allows attackers to change the password or other information of an arbitrary account via "index.php". This is a Cross Site Request Forgery (CSRF) vulnerability, which occurs when an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to.

Recommendations For baijiacms version 4.1.4, as a temporary workaround, consider restricting access to the "index.php" endpoint until a patch is available. Avoid using this endpoint for sensitive operations, such as password changes, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.