Acora CMS Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in Acora CMS version 10.1.1. This issue allows attackers to manipulate authenticated users into executing unauthorized actions, such as deleting accounts or creating users. The vulnerability arises from insufficient CSRF protections, enabling exploitation through crafted requests that take advantage of the victim's active session, potentially disrupting user management functions.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of authenticated users, such as deleting accounts or creating new users, thereby disrupting normal user management processes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.5
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.