PT-2021-24184 · Unknown · Bad Behavior2+1

Published

2021-12-14

Updated

2021-12-30

CVE-2021-44948

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: glFusion CMS version 1.7.9

Description: The issue is related to a Cross Site Request Forgery (CSRF) vulnerability. This vulnerability is located in the /public html/admin/plugins/bad behavior2/blacklist.php endpoint. An attacker can exploit this issue to trick an administrator into adding a blacklist by getting them to click on a malicious link.

Recommendations: For glFusion CMS version 1.7.9, as a temporary workaround, consider restricting access to the /public html/admin/plugins/bad behavior2/blacklist.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-44948

Affected Products

Bad Behavior2

Glfusion Cms

PT-2021-24184 · Unknown · Bad Behavior2+1

CVE-2021-44948

Related Identifiers

Affected Products

References · 3