Cross-Site Request Forgery Vulnerability in Ftcms by Whiex
CVE-2022-37730

8.8HIGH

Key Information:

Vendor: Ftcms
Status: Ftcms
Vendor: CVE Published:; 7 September 2022

What is CVE-2022-37730?

In version 2.1 of Ftcms, a security flaw exists that allows attackers to conduct Cross-Site Request Forgery (CSRF) attacks. This vulnerability enables malicious actors to create deceptive links that, when clicked by victims, result in unauthorized requests being sent to the server with the victim's credentials. This occurs without the victim's awareness, potentially allowing unwanted actions on their behalf. Proper mitigation strategies should be implemented to safeguard against such attacks.

References

https://github.com/whiex/webvue/blob/gh-pages/Ftcms%20CSR...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2022
Vulnerability Reserved
Aug 8, 2022