Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Spina CMS
- up to 2.18.0
Source
cna@vuldb.com
Tags
CVE-2024-7065 details
Published : July 24, 2024, 10:15 a.m.
Last Modified : July 24, 2024, 12:55 p.m.
Last Modified : July 24, 2024, 12:55 p.m.
Description
A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
| 1 | 2 | 3 | 4.3 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.3
Exploitability Score
2.8
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
| URL | Source |
|---|---|
| https://github.com/topsky979/Security-Collections/blob/main/1700810/README.md | cna@vuldb.com |
| https://vuldb.com/?ctiid.272346 | cna@vuldb.com |
| https://vuldb.com/?id.272346 | cna@vuldb.com |
| https://vuldb.com/?submit.375236 | cna@vuldb.com |
This website uses the NVD API, but is not approved or certified by it.