CVE-2024-42628

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024

Updated: Aug 15, 2024

CWE ID 352

Summary

CVE-2024-42628 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability affecting FrogCMS version 0.9.5. This issue allows attackers to manipulate user actions on the admin dashboard by intercepting and modifying valid requests. The vulnerability can be exploited through the /admin/?/snippet/edit/3 endpoint, potentially leading to unauthorized content modifications or management actions. Users are strongly encouraged to update to the latest version of FrogCMS to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xheSzD
https://www.cve.org/CVERecord?id=CVE-2024-42628
https://nvd.nist.gov/vuln/detail/CVE-2024-42628

Back to Vulnerability Database

CVE-2024-42628

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations