CVE-2024-42628
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 15, 2024
CWE ID 352
Summary
CVE-2024-42628 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability affecting FrogCMS version 0.9.5. This issue allows attackers to manipulate user actions on the admin dashboard by intercepting and modifying valid requests. The vulnerability can be exploited through the /admin/?/snippet/edit/3 endpoint, potentially leading to unauthorized content modifications or management actions. Users are strongly encouraged to update to the latest version of FrogCMS to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share