PT-2022-27338 · Bosscms · Bosscms
5497Lvren · Published 2022-11-28 · Updated 2022-12-01 · CVE-2022-44937
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Bosscms version 2.0.0
Description
The issue is a Cross-Site Request Forgery (CSRF) discovered in Bosscms. The CSRF is specifically via the Add function under the Administrator List module.
Recommendations
For Bosscms version 2.0.0, consider disabling the Add function under the Administrator List module as a temporary workaround until a patch is available. Restrict access to the Administrator List module to minimize the risk of exploitation.
Weakness Enumeration
CSRF
Affected Products
Bosscms