Vulnerability Details CVE-2020-26522
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/159520/Garfield-Petshop-2020-10-01-Cross-Site-Request-Forgery.html
- http://rysec.io/adv/Petshop_AddAdmin_Exploit.txt
- https://demo.detapos.co.id/petshop/
- https://detapos.co/
- http://packetstormsecurity.com/files/159520/Garfield-Petshop-2020-10-01-Cross-Site-Request-Forgery.html
- http://rysec.io/adv/Petshop_AddAdmin_Exploit.txt
- https://demo.detapos.co.id/petshop/
- https://detapos.co/
Products affected by CVE-2020-26522
-
cpe:2.3:a:garfield_petshop_project:garfield_petshop:-
-
cpe:2.3:a:garfield_petshop_project:garfield_petshop:2020-10-01