CVE-2023-5893
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-5893 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the GitHub repository pkp/pkp-lib before version 3.3.0-16. This issue permits an attacker to trick a user into making unintended actions on the web application, such as modifying their account settings or performing unauthorized transactions. The CSRF tokens used to protect against such attacks were not properly implemented, leaving the system susceptible. Successful exploitation of this vulnerability could result in serious consequences, including data theft or unauthorized access. Users are strongly advised to upgrade their pkp-lib repository to a patched version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Simon Fraser University