Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yMmNxLXh4cjktanJyds4AAUs0
Zenario CMS vulnerable to CSRF
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMmNxLXh4cjktanJyds4AAUs0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 10 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-22cq-xxr9-jrrv, CVE-2018-18420
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-18420
- http://packetstormsecurity.com/files/149851/Zenar-Content-Management-System-8.3-Cross-Site-Request-Forgery.html
- https://github.com/advisories/GHSA-22cq-xxr9-jrrv
Affected Packages
packagist:tribalsystems/zenario
Dependent packages: 1Dependent repositories: 1
Downloads: 188 total
Affected Version Ranges: < 8.3
No known fixed version
All affected versions: 7.5.40440, 7.5.41006, 7.5.41499, 7.5.41633, 7.5.42085, 7.5.42990, 7.5.47180, 7.6.41504, 7.6.41633, 7.6.42085, 7.6.42990, 7.6.47180, 7.7.42682, 7.7.42963, 7.7.42990, 7.7.44223, 7.7.47180, 7.7.47369, 7.7.48583, 8.0.44237, 8.0.44273, 8.0.44294, 8.0.44521, 8.0.45032, 8.0.45250, 8.0.45529, 8.0.47180, 8.0.48583, 8.1.45530, 8.1.45698, 8.1.46089, 8.1.46433, 8.1.46615, 8.1.47180, 8.1.47369, 8.1.48583, 8.2.46436, 8.2.46614, 8.2.47180, 8.2.47369, 8.2.47992, 8.2.48583