Cross-Site Request Forgery Vulnerability in WonderCMS by WonderCMS
CVE-2017-7951

8.8HIGH

Key Information:

Vendor: Wondercms
Status: Wondercms
Vendor: CVE Published:; 21 April 2017

What is CVE-2017-7951?

WonderCMS versions prior to 2.0.3 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This security flaw arises from the absence of a proper token in unspecified contexts, which could allow attackers to exploit the application. Implementing safeguards against CSRF is critical for maintaining the integrity and security of web applications. Users are encouraged to update to the latest version to mitigate potential risks.

References

https://www.wondercms.com/forum/viewtopic.php?f=8&p=1684

x_refsource_CONFIRM

https://github.com/robiso/wondercms/releases/tag/2.0.3

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2017
Vulnerability Reserved
Apr 19, 2017

Wondercms

What is CVE-2017-7951?

References

CVSS V3.1

Timeline