Cross-Site Request Forgery Vulnerability in b2evolution CMS by b2evolution
CVE-2021-31631

8.8HIGH

Key Information:

Vendor: B2evolution
Status: B2evolution Cms
Vendor: CVE Published:; 6 December 2021

🔔 Create B2evolution Vulnerability Alert

What is CVE-2021-31631?

b2evolution CMS v7.2.3 is susceptible to a Cross-Site Request Forgery (CSRF) attack via the User login page. This vulnerability could allow an attacker to perform unauthorized actions on behalf of an authenticated user, potentially leading to privilege escalation.

References

https://gist.github.com/stacksmasher007/76514ab2b782fb438...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2021
Vulnerability Reserved
Apr 23, 2021

JSON