Cross Site Request Forgery in Eyoucms by Eyou
CVE-2020-19669

8.8HIGH

Key Information:

Vendor

Eyoucms

Status
Eyoucms
Vendor
CVE Published:
18 August 2021

What is CVE-2020-19669?

A Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms version 1.3.6, allowing an attacker to create an admin account through a malicious request sent to the /login.php endpoint. If exploited, this vulnerability can compromise the integrity of the application and grant unauthorized access to sensitive administrative functions.

References

https://github.com/eyoucms/eyoucms/issues/4
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.