Cross Site Request Forgery in ProcessWire by ProcessWire
CVE-2024-41597

4.2 MEDIUM

Key Information:

Vendor
CVE Published: 19 July 2024

What is CVE-2024-41597?

A Cross Site Request Forgery vulnerability has been identified in ProcessWire version 3.0.229, which allows remote attackers to exploit the comments functionality. By submitting a crafted HTML file, an attacker could execute arbitrary code, potentially compromising the security of affected installations. This vulnerability highlights the importance of securing user interactions and validating requests within web applications to prevent unauthorized actions.

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
