Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-40489
Good to know:
Date: November 30, 2022
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.
Language: PHP
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352Top Fix
Upgrade Version
Upgrade to version oyswonder/thinkcmf - no_fix;oyswonder/thinkcmf - 5.1.0-beta;oyswonder/thinkcmf - 5.0.190111;oyswonder/thinkcmf - 5.0-Beta;thinkcmf/cmf-app - 8.0.x-dev;thinkcmf/cmf-app - v6.0.15;thinkcmf/cmf-app - v6.0.1;thinkcmf/cmf-app - v6.0.5;thinkcmf/cmf-app - v6.0.11;thinkcmf/cmf-app - v5.1.7;thinkcmf/cmf-app - v5.1.0;uban/cmf-app - v5.1.0;uban/cmf-app - no_fix;thinkcmf/thinkcmf - v5.1.7;thinkcmf/thinkcmf - 5.1.0-beta;thinkcmf/thinkcmf - v6.0.8;thinkcmf/thinkcmf - v6.0.1;thinkcmf/thinkcmf - v5.1.0;thinkcmf/thinkcmf - 5.0-Beta;catman/thinkcmf - 5.0-Beta;catman/thinkcmf - no_fix;catman/thinkcmf - 5.0.190111;catman/thinkcmf - 5.1.0-beta;oyswonder/cmf-app - no_fix;shenmuwangluo/thinkcmf-cmf-app - no_fix;kimcastle/cmf-app - 1.0.4
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |