CVE-2021-45017: There is a csrf vulnerability in catfish - <=6.3.0 · Issue #8 · xwlrbh/Catfish

Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when you upload an HTML file containing CSRF to a website that uses a google editor; you can specify the menu URL address as your malicious URL address in the Add Menu column.


[Suggested description]
Cross Site Request Forgery (CSRF) vulnerability exists in catfish <=6.3.0. First, you upload an HTML file containing CSRF to a website that uses a google editor (you only need to search in google: inurl:catfishcms/index.php/admin/Index/addmenu.html) and then use the authority of this
When you have backend (admin panel) permissions and want to induce other users to perform sensitive operations, you can specify the menu URL address as your malicious URL address in the Add Menu column.
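The report above boils down to a state-changing admin action (adding a menu entry whose URL the attacker chooses) that accepts a forged cross-site POST. The following is an added, stand-alone Python illustration of how such an add-menu handler is hardened; it is not Catfish's own code, and the function names, the session layout and the SITE_ORIGIN value are assumptions made for the demo.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical origin of the admin panel (placeholder value for this demo).
SITE_ORIGIN = "https://admin.example.test"


def new_session():
    """Create a logged-in admin session carrying a fresh, unpredictable CSRF token."""
    return {"user": "admin", "csrf_token": secrets.token_urlsafe(32)}


def add_menu(session, headers, form):
    """Handle a POST to a hypothetical 'add menu' action; return (status, message).

    A forged request launched from an uploaded HTML page runs in the victim's
    browser with the victim's cookies, but it cannot present a same-site Origin
    nor read the per-session token, so both checks must pass before acting.
    """
    # Check 1: browsers attach Origin (or at least Referer) to cross-site POSTs.
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return 403, "missing Origin/Referer header"
    parsed_origin = urlparse(origin)
    if f"{parsed_origin.scheme}://{parsed_origin.netloc}" != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    # Check 2: synchronizer token bound to the session, compared in constant time.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return 403, "invalid or missing CSRF token"
    # Only now is the submitted menu URL trusted; also restrict it to http(s).
    menu_url = form.get("url", "")
    if urlparse(menu_url).scheme not in ("http", "https"):
        return 400, "menu url must be http(s)"
    return 200, f"menu added: {form.get('name', '')} -> {menu_url}"


def demo():
    """Constructed forged vs. legitimate submissions; returns their status codes."""
    s = new_session()
    forged = add_menu(s, {"Origin": "https://attacker.example.test"},
                      {"name": "Home", "url": "https://attacker.example.test/"})
    legit = add_menu(s, {"Origin": SITE_ORIGIN},
                     {"name": "Home", "url": SITE_ORIGIN + "/",
                      "csrf_token": s["csrf_token"]})
    return forged[0], legit[0]  # -> (403, 200)
```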

[Vulnerability Type]
Cross Site Request Forgery (CSRF)

[Vendor of Product]
https://github.com/xwlrbh/Catfish

[Affected Product Code Base]
catfish - <=6.3.0

[Affected Component]
To find a website that uses this editor, you only need to search in google: inurl:catfishcms/index.php/admin/Index/addmenu.html
because that path is the characteristic file of this editor.

[Attack Type]
Remote

[Impact Code execution]
true

Attackers can use websites trusted by users to perform dangerous operations

[Attack Vectors]

<title>csrf test</title> // your target url

