CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-23837

HIGH
8.8
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile13.96th
Published2020年9月25日
Last Modified2024年11月21日

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.

Affected Platforms (CPE)

📦
Multi User Project

Multi User

= 1.8.2

References & Advisories

🔗 http://get-simple.info/extend/plugin/multi-user/133/
🔗 https://www.exploit-db.com/exploits/48745
🔗 http://get-simple.info/extend/plugin/multi-user/133/
🔗 https://www.exploit-db.com/exploits/48745

相关漏洞威胁

CVE-2021-4383210.0

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creati...

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2021-3770510.0

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete author...

CVE-2008-248010.0

PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute ...