CSRF Vulnerability in Image Resizer Plugin for Craft CMS by Verbb
CVE-2020-13458

8.8HIGH

Key Information:

Vendor: Verbb
Status: Image Resizer
Vendor: CVE Published:; 25 May 2020

What is CVE-2020-13458?

A Cross-Site Request Forgery (CSRF) vulnerability has been detected in the Image Resizer plugin prior to version 2.0.9 for Craft CMS. The vulnerability affects the log-clear controller action, allowing attackers to execute unauthorized actions on behalf of a user without their consent. This exploitation could lead to the exposure of sensitive data or unauthorized control over the application. Users are urged to update to the latest version to mitigate this security risk.

References

https://github.com/verbb/image-resizer/blob/craft-3/CHANG...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2020
Vulnerability Reserved
May 25, 2020

CVE-2020-13458 Data

JSON