High severityNVD Advisory· Published Nov 16, 2021· Updated Apr 30, 2025
Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF)
CVE-2021-25976
Description
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PiranhaNuGet | >= 4.0.0-alpha1, < 10.0-alpha1 | 10.0-alpha1 |
Affected products
2- Range: 4.0.0-alpha1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-ppq7-88c7-q879ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25976ghsaADVISORY
- github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82edaghsax_refsource_MISCWEB
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.