Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-7g7r-gr46-q4p5

GitHub Security Advisory

Cross-Site Request Forgery in yetiforce

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system including guest users.

Affected Packages

Packagist yetiforce/yetiforce-crm
Affected versions: 0 (last affected: 6.3.0)

Related CVEs

CVE-2022-0269

Key Information

GHSA ID
GHSA-7g7r-gr46-q4p5
Published
January 27, 2022 4:21 PM
Last Modified
January 31, 2022 9:47 PM
CVSS Score
7.5 /10
Primary Ecosystem
Packagist
Primary Package
yetiforce/yetiforce-crm
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.