CyberSec.Space Logo
Back to CVE Browser

CVE-2019-13183

HIGH
8.8
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile13.87th
PublishedJul 7, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.

Affected Platforms (CPE)

πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0
πŸ“¦
Flarum

Flarum

= 0.1.0

References & Advisories

πŸ”— https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released
πŸ”— https://github.com/flarum/core/blob/master/CHANGELOG.md
πŸ”— https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6
πŸ”— https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released
πŸ”— https://github.com/flarum/core/blob/master/CHANGELOG.md
πŸ”— https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6

Related Vulnerabilities

CVE-2021-3267110.0

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HT...

CVE-2019-115147.5

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.

CVE-2021-212835.4

Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 ...

CVE-2018-191335.3

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.