Cross-Site Request Forgery in ProcessWire by ProcessWire
CVE-2022-40488

6.5MEDIUM

Key Information:

Vendor: Processwire
Status: Processwire
Vendor: CVE Published:; 31 October 2022

🔔 Create Processwire Vulnerability Alert

What is CVE-2022-40488?

ProcessWire v3.0.200 has been identified with a vulnerability that allows an attacker to exploit Cross-Site Request Forgery (CSRF). This type of issue can enable unauthorized commands to be transmitted from a user that the web application trusts, potentially leading to unwanted data manipulation or exposure of sensitive information. It is critical for users of affected versions to apply necessary security measures to mitigate the risks associated with this vulnerability.

References

http://processwire.com

https://gist.github.com/filipaze/76138289ded98aa45dfcd939...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 11, 2022

CVE-2022-40488 Data

JSON