What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through <= 2.3.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Everest Backup versions up to 2.3.3 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of an authenticated user. The vulnerability requires user interaction—typically clicking a malicious link or visiting a compromised page. An attacker can modify backup settings or trigger unintended backup operations, but cannot read sensitive data.
What an attacker can do
Perform backup operations or modify settings on behalf of an authenticated user without their knowledge.
Potential impact on your site
Backup configurations could be altered or backups triggered unexpectedly, potentially disrupting site operations or data integrity.
Conditions required to exploit
User must be logged in and click a malicious link or visit an attacker-controlled page.