What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through <= 3.12.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Arkhe versions up to 3.12.0 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of an authenticated user without their knowledge. The vulnerability requires specific conditions to exploit but can result in data modification, unauthorized access, or service disruption. Site administrators should update to a version newer than 3.12.0 when available.
What an attacker can do
Perform unauthorized actions on the site by tricking a logged-in user into visiting a malicious page.
Potential impact on your site
Attackers can modify site data, change settings, or perform actions as any authenticated user without their consent.
Conditions required to exploit
A logged-in user must visit an attacker-controlled page while authenticated to the vulnerable Arkhe installation.