CVE-2020-23960
HIGHFork CMS < 5.8.3 - Cross-Site Request Forgery in Admin Console
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/forkcms/forkcms/pull/3123
Release Notes, Vendor Advisory x_refsource_misc
https://www.fork-cms.com/blog/detail/fork-5.8.3-released
Scores
CVSS v3
8.8
EPSS
0.0068
EPSS Percentile
47.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
fork-cms/fork_cms
< 5.8.3
forkcms/forkcms
0 - 5.8.3Packagist
Published
Jan 11, 2021
Tracked Since
Feb 18, 2026