Cross Site Request Forgery (CSRF) Vulnerability in ThinkCMF Version 6.0.7 Allows Injection of Super Administrator into Administrative Users

CVE-2022-40489 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

ThinkCMF version 6.0.7 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into the administrative users.
