Skip to main content

Wondercms CVE-2017-7951

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-04-21 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 21, 2017 - 02:59 cve.org
HIGH 8.8

DescriptionCVE.org

WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.

AnalysisAI

WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. Affected products include: Wondercms. Version information: before 2.0.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-41425 MEDIUM POC
6.1 Nov 07

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code

CVE-2024-32340 CRITICAL POC
9.6 Apr 17

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbit

CVE-2018-14387 HIGH POC
8.8 Jul 18

An issue was discovered in WonderCMS before 2.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2024-27561 HIGH POC
8.1 Mar 05

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers

CVE-2014-8701 HIGH POC
7.5 Mar 17

Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the un

CVE-2025-57055 MEDIUM POC
6.5 Sep 17

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. Rat

CVE-2014-8703 MEDIUM POC
6.1 Mar 17

Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HT

CVE-2024-32339 MEDIUM POC
6.1 Apr 17

Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute a

CVE-2024-32337 MEDIUM POC
6.1 Apr 17

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbit

CVE-2014-8704 CRITICAL
9.8 Mar 17

Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitra

CVE-2014-8705 CRITICAL
9.8 Mar 17

PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitra

CVE-2024-32745 MEDIUM POC
5.9 Apr 17

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbit

Share

CVE-2017-7951 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy