Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
Advisories for Composer/Anchorcms/Anchor-Cms package
2024
Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
2022
Cross-Site Request Forgery (CSRF)
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
2020
Cross-site Scripting
Anch allows admins to cause XSS via crafted post content.
2018
Information Exposure
An issue was discovered in config/error.php.The error log is exposed at anerrors.log` URI, and contains MySQL credentials if a MySQL error (such as 'Too many connections') has occurred.