CVE-2024-7161 | SeaCMS 13.0 Password Change member.php newpwd/newpwd2 cross-site request forgery (Issue 30)

Inserito da Angelo Barbosa | Lug 27, 2024 | CVE

A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery.

This vulnerability is known as CVE-2024-7161. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-7161 | SeaCMS 13.0 Password Change member.php newpwd/newpwd2 cross-site request forgery (Issue 30)

Post correlati

CVE-2024-47387 | LinkGraph Search Atlas SEO Plugin up to 1.8.2 on WordPress cross site scripting

CVE-2024-1549 | Mozilla Firefox up to 122 Cursor improper restriction of rendered ui layers

CVE-2024-4024 | GitLab Community Edition/Enterprise Edition up to 16.9.5/16.10.3/16.11.0 Bitbucket Credentials improper authentication

CVE-2024-43240 | azzaroco Ultimate Membership Pro Plugin up to 12.6 on WordPress privileges management