CVE-2020-23960
Cross-Site Request Forgery in ForkCMS
8.8
HIGH
CVSS 3.1
EPSS 0.21%
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.
How to fix CVE-2020-23960
To remediate CVE-2020-23960, upgrade the affected package to a fixed version below.
- —upgrade to 5.8.3 or later
Is CVE-2020-23960 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.8.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |