CVE-2024-35475 Information

May 23, 2024 cve

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.

Reference

https://github.com/carsonchan12345/OpenKM-CSRF-PoC https://github.com/carsonchan12345/CVE-2024-35475

Share on: