Vulnerability Description
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gestsup | Gestsup | < 3.2.46 |
Related Weaknesses (CWE)
References
- https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.46&type=patcPatch
- https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52060/README.mdExploitThird Party Advisory
- https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.46&type=patcPatch
- https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52060/README.mdExploitThird Party Advisory
FAQ
What is CVE-2023-52060?
CVE-2023-52060 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
How severe is CVE-2023-52060?
CVE-2023-52060 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52060?
Check the references section above for vendor advisories and patch information. Affected products include: Gestsup Gestsup.