Skip to main content

Opencats CVE-2023-26845

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-04-11 cve@mitre.org
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 11, 2023 - 15:15 nvd
MEDIUM 4.3

DescriptionNVD

A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.

AnalysisAI

A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. Affected products include: Opencats.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2022-43019 CRITICAL POC
9.8 Oct 19

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax fu

CVE-2021-41560 CRITICAL POC
9.8 Dec 15

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUti

CVE-2021-25294 CRITICAL POC
9.8 Jan 18

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. Rated cr

CVE-2026-27760 CRITICAL POC
9.2 Apr 28

Remote code execution in OpenCATS installer allows unauthenticated attackers to inject and execute arbitrary PHP code by

CVE-2019-13358 HIGH POC
7.5 Jul 05

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying opera

CVE-2022-43023 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerr

CVE-2022-43022 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion func

CVE-2022-43021 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. Rated medium se

CVE-2022-43020 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update functi

CVE-2023-27293 MEDIUM POC
6.1 Feb 28

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javas

CVE-2022-43018 MEDIUM POC
6.1 Oct 19

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter i

CVE-2022-43017 MEDIUM POC
6.1 Oct 19

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile compone

Share

CVE-2023-26845 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy