Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.
References
Link | Resource |
---|---|
https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt | Release Notes Third Party Advisory |
https://vuldb.com/?id.144008 | Permissions Required Third Party Advisory |
Configurations
Information
Published : 2019-10-23 07:15
Updated : 2019-10-24 11:36
NVD link : CVE-2019-18220
Mitre link : CVE-2019-18220
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
sitemagic
- sitemagic