Cross-Site Request Forgery in EyouCMS by weng-xianhu
CVE-2022-43323

8.8HIGH

Key Information:

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 14 November 2022

Summary

EyouCMS version 1.5.9-UTF8-SP1 is vulnerable to a Cross-Site Request Forgery (CSRF) attack via the Top Up Balance component located within the Edit Member module. This vulnerability allows an attacker to trick a logged-in user into submitting unauthorized requests without their consent. Exploiting this flaw could lead to unauthorized actions being performed on behalf of the user, posing significant risks to account security and data integrity. Users of EyouCMS should consider applying security measures to mitigate the potential impacts of this vulnerability.

References

https://github.com/weng-xianhu/eyoucms/issues/28#issue-14...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2022
Vulnerability Reserved
Oct 17, 2022