CVE-2024-35475

May 22, 2024, 7:15 p.m.

Tags

cve@mitre.org
2024-05-22
CVE-2024-35475

Product(s) Impacted

OpenKM Community Edition

  • before 6.3.13

OpenKM Community Edition

  • before 6.3.12

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.

Weaknesses

Date

Published: May 22, 2024, 2:15 p.m.

Last Modified: May 22, 2024, 7:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://github.com/carsonchan12345/CVE-2024-35475
cve@mitre.org
https://github.com/carsonchan12345/OpenKM-CSRF-PoC
cve@mitre.org