CVE-2020-19278: Cross-Site Request Forgery (CSRF)

April 4, 2023 (updated April 10, 2023)

Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter.

References

github.com/advisories/GHSA-f6xp-59jq-r35c
github.com/phachon/mm-wiki/issues/68
imgur.com/EABvnwz
nvd.nist.gov/vuln/detail/CVE-2020-19278

Detect and mitigate CVE-2020-19278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →