Lucene search
Veracode Vulnerability DatabaseVERACODE:38318HistoryDec 02, 2022 - 2:13 a.m.
Cross-Site Request Forgery (CSRF)
2022-12-0202:13:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
cross-site request forgery
csrf
super administrator
credential injection
software
0.001 Low
EPSS
Percentile
43.5%
thinkcmf/thinkcmf is vulnerable to cross-site request forgery. The vulnerability exists because it is possible to inject a Super Administrator user into administrative users, which allows an attacker to take control of the site via credential injection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thinkcmf/thinkcmf | le | v6.0.7 | |
| thinkcmf/thinkcmf | le | v6.0.7 |
Related
cve
cve
CVE-2022-40489
2022-12-01 05:15:11
github
github
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
2022-12-01 06:30:26
osv
osv
CVE-2022-40489
2022-12-01 05:15:11
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
2022-12-01 06:30:26
nvd
nvd
CVE-2022-40489
2022-12-01 05:15:11
cvelist
cvelist
CVE-2022-40489
2022-12-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-01 05:15:00