CVE-2024-35475

Published May 22nd, 2024

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.

carsonchan12345/OpenKM-CSRF-PoCUNAVAILABLE

GitHub