GHSA-322v-p3jc-7hrg

Source

https://github.com/advisories/GHSA-322v-p3jc-7hrg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-322v-p3jc-7hrg/GHSA-322v-p3jc-7hrg.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-322v-p3jc-7hrg

Aliases

CVE-2022-25576

Published

2022-03-26T00:00:34Z

Modified

2023-11-01T04:58:19.520222Z

Severity

4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Cross-Site Request Forgery in Anchor CMS

Details

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.

Database specific

{
    "nvd_published_at": "2022-03-24T23:15:00Z",
    "github_reviewed_at": "2022-03-30T18:05:15Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Packagist / anchorcms/anchor-cms

Package

Name: anchorcms/anchor-cms
Purl: pkg:composer/anchorcms/anchor-cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.12.7

Affected versions

0.*

0.9

0.9.1

0.9.2

0.9.3-a

0.9.3-b

0.9.3

0.9.3.1-a

0.11

0.12

0.12.1

0.12.3a

0.12.3

0.12.6

0.12.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-322v-p3jc-7hrg/GHSA-322v-p3jc-7hrg.json"