CVE-2024-45264

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 27, 2024
Updated: Aug 30, 2024
CWE ID 352

Summary

CVE-2024-45264 is a cross-site request forgery (CSRF) vulnerability in the admin panel of SkySystem Arfa-CMS versions prior to 5.1.3124. It allows remote attackers to gain elevated privileges by adding new administrators. The vulnerability has a base severity rating of HIGH, with a CVSS score of 8.8, indicating significant risks to confidentiality, integrity, and availability; attack complexity is low, and exploitation requires user interaction. To remediate this issue, organizations should update their Arfa-CMS installations to version 5.1.3124 or later as soon as possible. Failure to address this vulnerability could lead to unauthorized access and potential exploitation by malicious actors within an organization's network. Further details can be found in the advisories linked on GitHub and the official product website.
