// For flags

CVE-2024-29499

 

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (2)
NVD, NVD
CWE (1)
CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC (-)
Risk
CVSS Score
7.4 High
SSVC
Track*
KEV
-
EPSS
0.0%
Affected Products (-)
Vendors (1)
anchorcms
Products (1)
anchor_cms
Versions (-)
-
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (1)
General (1)
github
Exploits & POcs (-)
Patches (-)
Advisories (-)
Summary
Descriptions

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.

Se descubrió que Anchor CMS v0.12.7 contenía una Cross-Site Request Forgery (CSRF) a través de /anchor/admin/users/delete/2.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-19 CVE Reserved
  • 2024-03-22 CVE Published
  • 2024-03-23 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Anchorcms
Search vendor "Anchorcms"
 Anchor Cms
Search vendor "Anchorcms" for product "Anchor Cms"
*-
Affected