PT-2020-16047 · Pyrocms · Pyrocms

Farid007

·

Published

2020-10-08

·

Updated

2022-05-24

·

CVE-2020-25262

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions PyroCMS version 3.7
Description The issue is related to cross-site request forgery (CSRF) via the "admin/pages/delete/" URI, which can lead to the deletion of pages.
Recommendations For PyroCMS version 3.7, consider disabling access to the "admin/pages/delete/" URI as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-25262
GHSA-56XX-PV88-2662

Affected Products

Pyrocms