CVE-2024-9282

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 352

Summary

CVE-2024-9282 is a cross-site request forgery (CSRF) vulnerability in bg5sbk MiniCMS version 1.11. It affects an unspecified function in the file page-edit.php and can be exploited remotely. A successful attack causes actions to be performed on behalf of users without their consent, which could compromise the integrity of the system. Remediation steps are not explicitly detailed, and the vendor has not responded to disclosures regarding this issue, so organizations are advised to monitor for updates or consider implementing CSRF protection mechanisms. The vulnerability is rated medium severity with a score of 4.3 and has an exploitability score of 2.8; user interaction is required for exploitation. Affected products include those using this version of MiniCMS, so users should assess their exposure and take necessary precautions.
