QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-37160

Back to search

CVE-2024-37160

Published: Jun 7, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

4.8

MEDIUM

Description

Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.

VendorProductVersions

getformwork

formwork

affected
< 1.13.1
affected
= 2.0.0-beta.1

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now