PT-2022-7966 · Unknown · Download Manager Plugin

Burak Kelebek

Published

2022-06-24

Updated

2022-06-30

CVE-2017-20093

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Download Manager Plugin version 2.8.99

Description A problematic issue was found, leading to cross-site request forgery. The manipulation can be launched remotely, affecting an unknown function.

Recommendations For Download Manager Plugin version 2.8.99, consider disabling the plugin until a patch is available to prevent cross-site request forgery attacks. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the plugin in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-20093

Affected Products

Download Manager Plugin

PT-2022-7966 · Unknown · Download Manager Plugin

CVE-2017-20093

Weakness Enumeration

Related Identifiers

Affected Products

References · 5