CVE-2017-20062

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published: Jun 20, 2022
Updated: May 9, 2024
CVE: CVE-2017-20062
GHSA: GHSA-pq7f-cq6q-94xh
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
elefantcms / elefant_cms	1.3.12-rc	1.3.12-rc.x
elefant / cms	-	1.3.13

http://seclists.org/fulldisclosure/2017/Feb/37
https://vuldb.com/?id.97259

Vulnerability Database

CVE-2017-20062