Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.
References
Link | Resource |
---|---|
https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt | Release Notes Third Party Advisory |
https://vuldb.com/?id.144008 | Permissions Required Third Party Advisory |
https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt | Release Notes Third Party Advisory |
https://vuldb.com/?id.144008 | Permissions Required Third Party Advisory |
Configurations
History
21 Nov 2024, 04:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt - Release Notes, Third Party Advisory | |
References | () https://vuldb.com/?id.144008 - Permissions Required, Third Party Advisory |
Information
Published : 2019-10-23 14:15
Updated : 2024-11-21 04:32
NVD link : CVE-2019-18220
Mitre link : CVE-2019-18220
CVE.ORG link : CVE-2019-18220
JSON object : View
Products Affected
sitemagic
- sitemagic
CWE
CWE-352
Cross-Site Request Forgery (CSRF)