PT-2024-21363 · Unknown · Flusity-Cms
Published
2024-02-22
·
Updated
2025-03-25
·
CVE-2024-26349
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
flusity-CMS version 2.33
Description
The issue is related to a Cross-Site Request Forgery (CSRF) in the component
/core/tools/delete translation.php. This allows for unauthorized actions to be performed on behalf of a user without their knowledge or consent.Recommendations
For flusity-CMS version 2.33, as a temporary workaround, consider disabling access to the
/core/tools/delete translation.php component until a patch is available. Restricting the use of this component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flusity-Cms