What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery. This issue affects Civi Framework: from n/a through <= 2.1.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Explanation of Vulnerability in Simple Terms
Civi Framework versions up to 2.1.6 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unwanted actions on behalf of authenticated users. An attacker can craft a malicious link or page that, when visited by a logged-in user, triggers unintended state changes or data modifications. The vulnerability requires user interaction but can cause significant disruption to site availability and data integrity.
What an attacker can do
Trick a logged-in user into performing unwanted actions, such as modifying data or changing settings.
Potential impact on your site
Users' accounts can be compromised to perform actions without their knowledge; site availability and data integrity are at risk.
Conditions required to exploit
Victim must be logged in and click a malicious link or visit an attacker-controlled page.