CVE-2022-27340

Name of the Vulnerable Software and Affected Versions MCMS version 5.2.7

Description The issue is related to a Cross-Site Request Forgery (CSRF) that occurs via the /role/saveOrUpdateRole.do endpoint. This allows attackers to escalate privileges and modify data.

Recommendations For MCMS version 5.2.7, consider disabling access to the /role/saveOrUpdateRole.do endpoint until a patch is available to prevent exploitation. Restricting privileges to minimize the risk of data modification is also recommended. At the moment, there is no information about a newer version that contains a fix for this vulnerability.