Vulnerability Details CVE-2019-13183
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released
- https://github.com/flarum/core/blob/master/CHANGELOG.md
- https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6
- https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released
- https://github.com/flarum/core/blob/master/CHANGELOG.md
- https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6