Cross Site Request Forgery (CSRF) Affecting flarum/core package, versions <0.1.0-beta.9
Snyk CVSS
- Attack Complexity: High
- Scope: Changed
- Confidentiality: High
Threat Intelligence
- EPSS: 0.27% (68th percentile)
- Snyk ID SNYK-PHP-FLARUMCORE-451555
- published 8 Jul 2019
- disclosed 5 Jul 2019
- credit CuPcakeN1njA
Introduced: 5 Jul 2019
CVE-2019-13183
How to fix?
Upgrade flarum/core to version 0.1.0-beta.9 or higher.
Overview
flarum/core is a simple discussion platform for your website.
Affected versions of this package are vulnerable to Cross Site Request Forgery (CSRF). The package allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
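To confirm whether a deployment is in the affected range, the installed version can be read from `composer.lock` and compared against the fixed release. The following is an added example, not code from Snyk or the Flarum project; the function names and the sample lock content are constructed for illustration, and it assumes the standard `packages` / `packages-dev` arrays of a Composer lock file.

```python
import json
import re

PACKAGE = "flarum/core"
FIXED = "0.1.0-beta.9"  # first fixed version, taken from the advisory above

# Pre-release stability order: dev < alpha < beta < RC < stable
_STABILITY = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "rc": 3}
_STABLE = 4

def version_key(version):
    """Turn a version such as 'v0.1.0-beta.8.1' into a sortable tuple."""
    v = version.strip().lower().lstrip("v")
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-?(dev|alpha|a|beta|b|rc)\.?([\d.]*))?", v)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    release += [0] * (4 - len(release))  # pad so 0.1 compares equal to 0.1.0
    if m.group(2) is None:
        return (tuple(release), _STABLE, ())
    # 'beta.8.1' -> (8, 1); a bare 'beta' -> () which sorts before 'beta.1'
    pre = tuple(int(p) for p in m.group(3).split(".") if p)
    return (tuple(release), _STABILITY[m.group(2)], pre)

def check_lock(lock_text):
    """Return (installed_version, status) for flarum/core in a composer.lock document."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            installed = pkg.get("version", "")
            try:
                vulnerable = version_key(installed) < version_key(FIXED)
            except ValueError:
                return installed, "unknown"  # e.g. a dev-master checkout: inspect manually
            return installed, "vulnerable" if vulnerable else "fixed"
    return None, "not-installed"

# Constructed sample, not taken from a real deployment.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "flarum/core", "version": "v0.1.0-beta.8.1"},
    {"name": "flarum/tags", "version": "v0.1.0-beta.8"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of `unknown` means the lock file pins a branch rather than a tagged release, so the commit has to be checked by hand.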