Vulnerability Details : CVE-2017-20062
Potential exploit
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2017-20062
- cpe:2.3:a:elefantcms:elefant_cms:1.3.12:rc:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-20062
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-20062
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
5.0
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
1.6
|
3.4
|
VulDB | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-20062
-
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-20062
-
https://vuldb.com/?id.97259
CVE-2017-20062 | Elefant CMS cross-site request forgeryExploit;Third Party Advisory
-
http://seclists.org/fulldisclosure/2017/Feb/37
Full Disclosure: Elefant CMS 1.3.12-RC: CSRFExploit;Mailing List;Third Party Advisory
Jump to