PT-2023-11497 · Unknown · Catfish Cms
Godepic
·
Published
2023-06-27
·
Updated
2023-07-06
·
CVE-2020-18409
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CatfishCMS version 4.8.63
Description
A Cross Site Request Forgery (CSRF) issue was found that could allow attackers to gain administrator permissions. The issue is related to the "/index.php/admin/index/modifymanage.html" API endpoint.
Recommendations
For CatfishCMS version 4.8.63, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Catfish Cms