Cross-Site Request Forgery in FUEL CMS by Daylight Studio
CVE-2021-38721

6.5 MEDIUM

Key Information:

CVE Published: 9 September 2021

What is CVE-2021-38721?

FUEL CMS version 1.5.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in its login.php file. This flaw allows attackers to perform unauthorized actions on behalf of authenticated users without their consent. By exploiting this vulnerability, an attacker could potentially manipulate user sessions and perform malicious operations, jeopardizing the integrity of web applications relying on FUEL CMS.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
