PT-2021-16900 · Unknown · Piranha Cms

Published: 2021-11-16 · Updated: 2021-11-17 · CVE-2021-25976

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PiranhaCMS versions 4.0.0-alpha1 through 9.2.0

Description: The issue allows cross-site request forgery (CSRF) against various actions supported by the management system. These actions include deleting a user, deleting a role, editing a post, and deleting a media folder, among others, when the target object's ID is known to the attacker.

Recommendations: For PiranhaCMS versions 4.0.0-alpha1 through 9.2.0, implement CSRF protection mechanisms, such as token-based validation of state-changing requests, to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive management system functions to minimize the risk of exploitation.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2021-25976
GHSA-PPQ7-88C7-Q879

Affected Products

Piranha Cms