CVE-2021-46028

{"id": "CVE-2021-46028", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-01-20T00:15:08.287", "references": [{"url": "https://github.com/langhsu/mblog/issues/50", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/langhsu/mblog/issues/50", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted."}, {"lang": "es", "value": "En mblog versiones anteriores a 3.5.0 incluy\u00e9ndola, se presenta una vulnerabilidad de tipo CSRF en la administraci\u00f3n de art\u00edculos en segundo plano. El atacante construye una carga de tipo CSRF. Una vez que el administrador hace clic en un enlace malicioso, el art\u00edculo ser\u00e1 eliminado"}], "lastModified": "2024-11-21T06:33:30.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mblog_project:mblog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F1CCD0-DEBF-475A-8CAA-9DBE10C9D393", "versionEndIncluding": "3.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}