
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user.

• https://github.com/S1lkys/CVE-2020-29254
• https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf
• https://youtu.be/Uc3sRBitu50

• CWE-352: Cross-Site Request Forgery (CSRF)