First published: Thu Oct 08 2020(Updated: )
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the `admin/pages/delete/` URI: pages will be deleted.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pyrocms Pyrocms | =3.7 | |
composer/pyrocms/pyrocms | <=3.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25262 is a vulnerability in PyroCMS 3.7 that allows cross-site request forgery (CSRF) attacks via the admin/pages/delete/ URI, resulting in the deletion of pages.
CVE-2020-25262 has a severity keyword of 'medium' and a severity value of 4.3 out of 10.
A CSRF attack can occur in PyroCMS 3.7 through the admin/pages/delete/ URI.
PyroCMS version 3.7 is affected by CVE-2020-25262.
To fix CVE-2020-25262, it is recommended to update PyroCMS to a version that has addressed the vulnerability.