Cross-Site Request Forgery in Maccms 10 by Magicblack
CVE-2020-21386

8.8HIGH

Key Information:

Vendor: Maccms
Status: Maccms
Vendor: CVE Published:; 4 October 2021

What is CVE-2020-21386?

A vulnerability in Maccms 10's admin interface allows attackers to exploit Cross-Site Request Forgery, leading to unauthorized escalation of privileges for malicious users. This security flaw exposes the system to potential administrative takeover, enabling attackers to manipulate backend functionalities without proper authentication. Precautionary measures and timely updates are crucial to safeguard against this exploit.

References

https://github.com/magicblack/maccms10/issues/126

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-21386 Data

JSON