High severityNVD Advisory· Published Jan 11, 2021· Updated Aug 4, 2024
CVE-2020-23960
CVE-2020-23960
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
forkcms/forkcmsPackagist | < 5.8.3 | 5.8.3 |
Affected products
2- Fork/Forkdescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-pvgf-mrr4-cw7rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-23960ghsaADVISORY
- github.com/forkcms/forkcms/pull/3123ghsax_refsource_MISCWEB
- www.fork-cms.com/blog/detail/fork-5.8.3-releasedghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.