CVE-2020-18326: Cross-Site Request Forgery (CSRF)

March 5, 2022 (updated March 17, 2022)

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.

References

github.com/advisories/GHSA-9cc3-5w85-pxvx
github.com/hamm0nz/CVE-2020-18326
nvd.nist.gov/vuln/detail/CVE-2020-18326

Detect and mitigate CVE-2020-18326 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →