CVE-2020-18409 : Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8

Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.

Published 2023-06-27 21:15:16

Updated 2023-07-06 14:59:47

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2020-18409

Catfishcms Project » Catfishcms » Version: 4.8.63
cpe:2.3:a:catfishcms_project:catfishcms:4.8.63:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-18409

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-18409

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-18409

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-18409

https://github.com/xwlrbh/Catfish/issues/5

Bug: CatfishCMS V 4.8.63 CSRF · Issue #5 · xwlrbh/Catfish · GitHub
Exploit;Issue Tracking

Jump to

Vulnerability Details : CVE-2020-18409

Products affected by CVE-2020-18409

Exploit prediction scoring system (EPSS) score for CVE-2020-18409

CVSS scores for CVE-2020-18409

CWE ids for CVE-2020-18409

References for CVE-2020-18409