CVE-2022-27340: Cross-Site Request Forgery (CSRF)
(updated )
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
References
Code Behaviors & Features
Detect and mitigate CVE-2022-27340 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →