CVE-2020-25263

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25263

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25263.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25263

Aliases

GHSA-vg2g-698h-v9w3

Published

2020-10-08T13:15:10.923Z

Modified

2025-11-14T10:57:33.554144Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L CVSS Calculator

Summary

[none]

Details

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.

References

Affected packages

Git / github.com/pyrocms/pyrocms

Affected ranges

Type: GIT
Repo: https://github.com/pyrocms/pyrocms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6f0f379a301ad3b3e855b6b20803bb9552471481

Affected versions

3.*

3.0.0-alpha1

v3.*

v3.0.0

v3.0.0-beta1

v3.0.0-beta2

v3.0.0-beta3

v3.0.0-rc1

v3.0.0-rc2

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.10

v3.4.11

v3.4.12

v3.4.13

v3.4.14

v3.4.15

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25263.json"