CVE-2020-25263

Cross-Site Request Forgery (CSRF) in packagist/pyrocms/pyrocms

Identifiers

CVE-2020-25263

Package Slug

packagist/pyrocms/pyrocms

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

PyroCMS is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.

Affected Versions

Version 3.7

Solution

Upgrade to version 3.7.1 or above.

Last Modified

2020-10-21

source