CVE-2018-14520

Description

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.

How to fix CVE-2018-14520

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Packagist/getkirby/cms—no fix listed

Is CVE-2018-14520 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 2.5.12

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-14520
• PATCHgithub.com/getkirby/kirby
• WEBwww.exploit-db.com/exploits/45068
• WEBzaranshaikh.blogspot.com/2018/07/cross-site-request-forgery-kirby-cms.html