First published: Thu Oct 08 2020
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the `admin/addons/uninstall/anomaly.module.blocks` URI: an arbitrary plugin will be deleted.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pyrocms Pyrocms | =3.7 | |
composer/pyrocms/pyrocms | <=3.7 | |
CVE-2020-25263 is a cross-site request forgery (CSRF) vulnerability in PyroCMS 3.7: a forged request to the `admin/addons/uninstall/anomaly.module.blocks` URI lets an attacker delete arbitrary plugins.
The severity of the CVE-2020-25263 vulnerability is high with a CVSS score of 7.1.
PyroCMS version 3.7 is affected by CVE-2020-25263.
To fix the CVE-2020-25263 vulnerability, it is recommended to update PyroCMS to a version that includes a patch for this vulnerability.
More information about CVE-2020-25263 can be found at the following references: [https://gist.github.com/farid007/df51b0666643ec01d5571cbcc1e966e7](https://gist.github.com/farid007/df51b0666643ec01d5571cbcc1e966e7), [https://github.com/pyrocms/pyrocms](https://github.com/pyrocms/pyrocms), [https://pyrocms.com/](https://pyrocms.com/)