What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.
Explanation of Vulnerability in Simple Terms
InPost Gallery versions up to 2.1.4.3 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unwanted actions on behalf of site administrators or users. An attacker can craft a malicious link or page that, when visited by a logged-in user, triggers unintended changes to gallery settings or content. The vulnerability requires user interaction—the victim must click a link or visit a page—and does not expose sensitive data.
What an attacker can do
Trick a logged-in user into performing unwanted actions on the site, such as modifying gallery settings or content.
Potential impact on your site
Gallery settings or content could be altered without authorization if an admin or user is tricked into visiting a malicious page.
Conditions required to exploit
A logged-in site user must visit an attacker-controlled page or click a malicious link. No special privileges required.
Key dates
External resources