CVE-2024-45264

Suggested description

A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3132 allows remote attackers to add a new administrator, leading to escalation of privileges.

Vulnerability Type

CWE-352 | Cross Site Request Forgery (CSRF)

Vendor of Product

SkySystem (https://skyss.ru/)

Affected Product Code Base

Arfa-CMS - 5.1.3124 and earlier

Impact Escalation of Privileges

true

Has vendor confirmed or acknowledged the vulnerability?

true

Discoverer

Kirill Kalimmulin

Reference

https://skyss.ru

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-45264

Suggested description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Impact Escalation of Privileges

Has vendor confirmed or acknowledged the vulnerability?

Discoverer

Reference

About

Releases

Packages

TheHermione/CVE-2024-45264

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-45264

Suggested description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Impact Escalation of Privileges

Has vendor confirmed or acknowledged the vulnerability?

Discoverer

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages