Cross-Site Request Forgery Vulnerability in Sitemagic CMS by Sitemagic
CVE-2019-18220

8.8HIGH

Key Information:

Vendor

Sitemagic

Status
Sitemagic
Vendor
CVE Published:
23 October 2019

What is CVE-2019-18220?

Sitemagic CMS version 4.4.1 contains a security vulnerability that facilitates Cross-Site Request Forgery (CSRF) attacks. The lack of request validation means that a remote, unauthenticated attacker can exploit this weakness by crafting malicious requests. This could lead to unauthorized actions being performed by users of the platform, potentially compromising the integrity of user data and the overall security posture of the application.

References

https://github.com/Jemt/SitemagicCMS/blob/master/changelo...
x_refsource_MISC
https://vuldb.com/?id.144008
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.