CVE-2024-7065

Summary

A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
SpinaCMS2.0affected
SpinaCMS2.1affected
SpinaCMS2.2affected
SpinaCMS2.3affected
SpinaCMS2.4affected
SpinaCMS2.5affected
SpinaCMS2.6affected
SpinaCMS2.7affected
SpinaCMS2.8affected
SpinaCMS2.9affected
SpinaCMS2.10affected
SpinaCMS2.11affected
SpinaCMS2.12affected
SpinaCMS2.13affected
SpinaCMS2.14affected
SpinaCMS2.15affected
SpinaCMS2.16affected
SpinaCMS2.17affected
SpinaCMS2.18affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References