Platform
php
Component
arunna
Fixed in
1.0.1
CVE-2021-47754 describes a cross-site request forgery (CSRF) vulnerability in Arunna version 1.0.0 (affected range 1.0.0 through 1.0.0). It allows an attacker to manipulate a user's profile settings without having to authenticate themselves, by riding on the session of a logged-in user, potentially granting unauthorized access and control. The vulnerability was published on January 15, 2026, and a fix is available via an updated version of Arunna.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to modify a user's profile settings without their knowledge or consent. By crafting a malicious form and tricking an authenticated user into submitting it, an attacker can alter sensitive information such as usernames, email addresses, and crucially, administrative privileges. Successful exploitation could lead to account takeover, unauthorized administrative actions, and potential compromise of the entire Arunna application. This is particularly concerning if the application handles sensitive data or is integrated with other critical systems.
Public proof-of-concept (PoC) code for this vulnerability may already exist or may emerge. The CVSS score of 6.5 (MEDIUM) suggests a moderate probability of exploitation. As of the publication date, there is no indication of active exploitation campaigns targeting this vulnerability. Refer to the official Arunna advisory for further details and updates.
Organizations and individuals running Arunna version 1.0.0 are at direct risk. Environments where Arunna is deployed with default configurations, or where user accounts hold elevated privileges, are particularly exposed. Shared hosting environments running Arunna should be carefully monitored and secured.
• php / web:
  curl -I <arunna_url>/profile.php | grep -i 'csrf-token'
• generic web:
  curl -I <arunna_url>/profile.php | grep -i 'set-cookie'
• generic web:
  grep -r 'profile.php' /var/log/apache2/access.log | grep -i 'csrf-token'
Disclosure
Exploit status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2021-47754 is to upgrade to a patched version of Arunna as soon as it becomes available. If upgrading immediately is not feasible, consider implementing temporary workarounds such as adding CSRF tokens to all sensitive forms and endpoints within the Arunna application. Implementing a Content Security Policy (CSP) with strict rules can also help mitigate the risk by restricting the sources from which the browser can load resources. Regularly review and audit the application's code for potential CSRF vulnerabilities.
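The following is an added example, not Arunna's own code, showing the workaround described above: a synchronizer-token CSRF check for a profile-update endpoint in PHP. The function names, the `csrf_token` field name and the sample user record are assumptions for illustration; the vulnerable handler is included only to show the shape of the flaw beside its hardened form.

```php
<?php
// Added example (not Arunna's code): synchronizer-token CSRF protection for a
// profile-update form. Function names and form fields are assumptions.
declare(strict_types=1);

// Session cookie hardening: HttpOnly, Secure and SameSite=Lax shrink the
// cross-site surface before the token check even runs.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

const CSRF_SESSION_KEY = 'csrf_token';

// Generate (or reuse) a per-session token: 32 random bytes, hex-encoded.
function csrf_token(): string
{
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Constant-time comparison; a missing, empty or mismatched token fails.
function csrf_valid(?string $submitted): bool
{
    $expected = $_SESSION[CSRF_SESSION_KEY] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Hidden field to embed in every state-changing form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Vulnerable pattern (the shape of the flaw described above): the handler
// trusts any POST that carries the victim's session cookie.
function update_profile_vulnerable(array $post, array &$user): void
{
    $user['email']    = $post['email'] ?? $user['email'];
    $user['is_admin'] = isset($post['is_admin']);
}

// Hardened handler: reject the request unless the token matches, and do so
// before any state changes. Privilege changes should additionally pass an
// authorization check (assumed to live elsewhere; not shown here).
function update_profile_hardened(array $post, array &$user): bool
{
    if (!csrf_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return false;
    }
    $user['email'] = $post['email'] ?? $user['email'];
    return true;
}

// Constructed sample user record for the demonstration.
$user = ['email' => 'old@example.invalid', 'is_admin' => false];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo update_profile_hardened($_POST, $user)
        ? 'profile updated'
        : 'invalid CSRF token';
} else {
    // Render the form with the token embedded as a hidden field.
    echo '<form method="post" action="profile.php">'
        . csrf_field()
        . '<input name="email"><button>Save</button></form>';
}
```

A cross-site form cannot read the victim's session to learn the token, so a forged POST arrives without it (or with a stale one) and is rejected with 403 before any field is written. The `SameSite=Lax` cookie attribute is a defence in depth on top of the token, not a replacement for it.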
Update to a fixed version of Arunna that resolves the CSRF vulnerability. Review and strengthen security measures to prevent CSRF attacks, such as implementing CSRF tokens in all sensitive forms and requests.
CVE-2021-47754 is a cross-site request forgery vulnerability affecting Arunna versions 1.0.0-1.0.0, allowing an attacker to manipulate a logged-in user's profile settings without needing to authenticate themselves.
Yes, if you are using Arunna version 1.0.0, you are potentially affected by this CSRF vulnerability. Upgrade to a patched version as soon as possible.
The primary fix is to upgrade to a patched version of Arunna. As a temporary workaround, implement CSRF tokens on all sensitive forms and endpoints.
There is currently no confirmed evidence of active exploitation, but the vulnerability's potential impact warrants immediate attention and mitigation.
Please refer to the official Arunna project website or security mailing list for the latest advisory and patch information regarding CVE-2021-47754.