GHSA-56xx-pv88-2662

Source

https://github.com/advisories/GHSA-56xx-pv88-2662

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-56xx-pv88-2662/GHSA-56xx-pv88-2662.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-56xx-pv88-2662

Aliases

CVE-2020-25262

Published

2022-05-24T17:30:19Z

Modified

2024-04-25T23:11:46.227681Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

PyroCMS Vulnerable to CSRF

Details

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.

Database specific

{
    "nvd_published_at": "2020-10-08T13:15:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T22:56:10Z"
}

References

Affected packages

Packagist / pyrocms/pyrocms

Package

Name: pyrocms/pyrocms
Purl: pkg:composer/pyrocms/pyrocms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.7

Affected versions

v2.*

v2.3.0-alpha1

v2.3.0-beta1

3.*

3.0.0-alpha1

3.0.0-alpha2

3.4.11

v3.*

v3.0.0-beta1

v3.0.0-beta2

v3.0.0-beta3

v3.0.0-rc1

v3.0.0-rc2

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v3.4.10

v3.4.12

v3.4.13

v3.4.14

v3.4.15

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5