CNNVD-202601-4882 Information

CNNVD ID

CNNVD-202601-4882

Related CVE

CVE-2025-15550

• CNNVD Published: 2026-01-29

Description (Chinese)

prime是Birkir Gudjonsson个人开发者的一个内容管理系统。 prime 0.4.0.beta.0及之前版本存在跨站请求伪造漏洞，该漏洞源于GraphQL端点存在跨站请求伪造，可能导致攻击者利用基于GET的查询请求触发未授权操作。

Description (English)

Prime is a content management system for Birkir Gudjonsson’s personal developer. The prime 0.4.beta.0 and previous versions had a false gap in cross-site requests, which stemmed from the existence of cross-site requests at the GraphQL endpoint, which could lead the attackers to trigger unauthorized operations using GET-based queries.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

个人开发者

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/birkir/prime/issues/547 https://www.vulncheck.com/advisories/birkir-prime-beta-cross-site-request-forgery-in-graphql https://access.redhat.com/security/cve/cve-2025-15550