Vulnerability Details CVE-2024-37160
Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 4.8
References
- https://github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b
- https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5
- https://github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6
- https://github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b
- https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5
- https://github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6
Products affected by CVE-2024-37160
-
cpe:2.3:a:formwork_project:formwork:-
-
cpe:2.3:a:formwork_project:formwork:0.10.0
-
cpe:2.3:a:formwork_project:formwork:0.10.1
-
cpe:2.3:a:formwork_project:formwork:0.10.2
-
cpe:2.3:a:formwork_project:formwork:0.10.3
-
cpe:2.3:a:formwork_project:formwork:0.10.4
-
cpe:2.3:a:formwork_project:formwork:0.10.5
-
cpe:2.3:a:formwork_project:formwork:0.11.0
-
cpe:2.3:a:formwork_project:formwork:0.11.1
-
cpe:2.3:a:formwork_project:formwork:0.11.2
-
cpe:2.3:a:formwork_project:formwork:0.12.0
-
cpe:2.3:a:formwork_project:formwork:0.12.1
-
cpe:2.3:a:formwork_project:formwork:0.6.10
-
cpe:2.3:a:formwork_project:formwork:0.6.11
-
cpe:2.3:a:formwork_project:formwork:0.6.12
-
cpe:2.3:a:formwork_project:formwork:0.6.9
-
cpe:2.3:a:formwork_project:formwork:0.7.0
-
cpe:2.3:a:formwork_project:formwork:0.7.1
-
cpe:2.3:a:formwork_project:formwork:0.7.2
-
cpe:2.3:a:formwork_project:formwork:0.8.0
-
cpe:2.3:a:formwork_project:formwork:0.8.1
-
cpe:2.3:a:formwork_project:formwork:0.9.0
-
cpe:2.3:a:formwork_project:formwork:0.9.1
-
cpe:2.3:a:formwork_project:formwork:0.9.2
-
cpe:2.3:a:formwork_project:formwork:0.9.3
-
cpe:2.3:a:formwork_project:formwork:0.9.4
-
cpe:2.3:a:formwork_project:formwork:0.9.5
-
cpe:2.3:a:formwork_project:formwork:0.9.6
-
cpe:2.3:a:formwork_project:formwork:1.0.0
-
cpe:2.3:a:formwork_project:formwork:1.1.0
-
cpe:2.3:a:formwork_project:formwork:1.1.1
-
cpe:2.3:a:formwork_project:formwork:1.10.0
-
cpe:2.3:a:formwork_project:formwork:1.10.1
-
cpe:2.3:a:formwork_project:formwork:1.10.2
-
cpe:2.3:a:formwork_project:formwork:1.10.3
-
cpe:2.3:a:formwork_project:formwork:1.11.0
-
cpe:2.3:a:formwork_project:formwork:1.11.1
-
cpe:2.3:a:formwork_project:formwork:1.12.0
-
cpe:2.3:a:formwork_project:formwork:1.12.1
-
cpe:2.3:a:formwork_project:formwork:1.13.0
-
cpe:2.3:a:formwork_project:formwork:1.2.0
-
cpe:2.3:a:formwork_project:formwork:1.2.1
-
cpe:2.3:a:formwork_project:formwork:1.3.0
-
cpe:2.3:a:formwork_project:formwork:1.3.1
-
cpe:2.3:a:formwork_project:formwork:1.4.0
-
cpe:2.3:a:formwork_project:formwork:1.4.1
-
cpe:2.3:a:formwork_project:formwork:1.4.2
-
cpe:2.3:a:formwork_project:formwork:1.4.3
-
cpe:2.3:a:formwork_project:formwork:1.4.4
-
cpe:2.3:a:formwork_project:formwork:1.4.5
-
cpe:2.3:a:formwork_project:formwork:1.4.6
-
cpe:2.3:a:formwork_project:formwork:1.4.7
-
cpe:2.3:a:formwork_project:formwork:1.5.0
-
cpe:2.3:a:formwork_project:formwork:1.5.1
-
cpe:2.3:a:formwork_project:formwork:1.5.2
-
cpe:2.3:a:formwork_project:formwork:1.6.0
-
cpe:2.3:a:formwork_project:formwork:1.6.1
-
cpe:2.3:a:formwork_project:formwork:1.7.0
-
cpe:2.3:a:formwork_project:formwork:1.7.1
-
cpe:2.3:a:formwork_project:formwork:1.8.0
-
cpe:2.3:a:formwork_project:formwork:1.9.0
-
cpe:2.3:a:formwork_project:formwork:1.9.1