CVE-2020-23960

HIGH

Fork CMS < 5.8.3 - Cross-Site Request Forgery in Admin Console

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/forkcms/forkcms/pull/3123
Release Notes, Vendor Advisory x_refsource_misc
https://www.fork-cms.com/blog/detail/fork-5.8.3-released

Scores

CVSS v3 8.8
EPSS 0.0068
EPSS Percentile 47.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
fork-cms/fork_cms < 5.8.3
forkcms/forkcms 0 - 5.8.3Packagist
Published Jan 11, 2021
Tracked Since Feb 18, 2026