Vulnerabilities

CVE-2020-18694

August 14, 2021

Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component “/admin/profile/save_profile”.

Summary:

Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component “/admin/profile/save_profile”.

Reference Links(if available):

https://github.com/ignitedcms/ignitedcms/issues/5

CVSS Score (if available)

v2: / MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Links to Exploits(if available)

Tags: CVE, CVE-2020-18694, exploit, MISC, vulnerability

CVE-2020-18694

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

Piping Rock – 2,103,100 breached accounts

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA and Partners Release Advisory on Akira Ransomware

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

Piping Rock – 2,103,100 breached accounts

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA and Partners Release Advisory on Akira Ransomware

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller