CVE-2023-40172 MEDIUM

CVE-2023-40172: Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton

Vendor Fobybus
Product social-media-skeleton
Weakness CWE-352 · CSRF
Published August 18, 2023
Last update October 2, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

August 18, 2023 CVE published
October 2, 2024 Record updated