CSRF Vulnerability in Backdrop CMS Allows Remote Code Execution
CVE-2021-45268
8.8HIGH
What is CVE-2021-45268?
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, allowing remote attackers to potentially execute arbitrary code on the hosting web server. This can be achieved by uploading a malicious add-on containing a crafted PHP file, but the attack necessitates a session cookie from a high-privileged authenticated user who has the capability to install arbitrary add-ons. The vendor has expressed disagreement with the severity of this issue, emphasizing the need for appropriate user privileges.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved