CVE-2024-42623

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 352

Summary

CVE-2024-42623 is a newly disclosed vulnerability affecting FrogCMS version 0.9.5. This issue involves a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to deceitfully trick a user into making unintended actions on a web application, such as deleting content. Specifically, this vulnerability can be exploited through the /admin/?/layout/delete/1 endpoint. Successful exploitation of this CSRF weakness could result in unauthorized deletions, potentially leading to data loss or other significant consequences. It is essential for FrogCMS users running version 0.9.5 to apply the necessary patch or update as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share