CVE-2021-47754
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arunna | arunna | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in Arunna 1.0.0 that allows attackers to manipulate user profile settings without authentication. Attackers can craft malicious forms that trick authenticated users into submitting them, enabling changes to user details such as passwords, email addresses, and administrative privileges. [2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to change your user profile settings without your consent, including sensitive information like passwords and email addresses, as well as administrative privileges. This can lead to unauthorized access, account takeover, and potential misuse of your account or system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring for unauthorized or suspicious HTTP requests that change user profile settings without proper authentication. Since the vulnerability allows attackers to craft malicious forms to manipulate user data, you can look for unusual POST requests to profile or admin endpoints that change passwords, emails, or privileges. Specific commands are not provided in the resources, but generally, you can use tools like curl or network monitoring tools to capture and analyze such requests. For example, you can use curl to simulate or detect suspicious POST requests, or use web application firewall (WAF) logs to identify unexpected parameter changes. However, no explicit detection commands are detailed in the provided resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper CSRF protections such as adding anti-CSRF tokens to forms that modify user data, validating the origin of requests, and ensuring that sensitive actions require authentication and user interaction. Additionally, reviewing and updating the application to sanitize inputs and restrict unauthorized changes to user profiles is critical. Since the vulnerability allows attackers to manipulate user profile settings without authentication, enforcing strict access controls and session management is essential. The resources emphasize the lack of CSRF protections as the root cause and suggest responsible disclosure and patching as mitigation strategies. [2, 3]
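An added example, not taken from this page or from the Arunna project, of the two mitigations the answer names (a session-bound anti-CSRF token plus origin validation) applied as a gate in front of a profile-update handler; the endpoint, allowed origin, server secret and session id are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for the example; a real deployment takes these from its own config and session store.
ALLOWED_ORIGINS = {"https://app.example.test"}
SERVER_SECRET = b"example-server-secret-do-not-reuse"


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session token as HMAC(server secret, session id).

    The server embeds it as a hidden field in the profile form; a form served
    from another site cannot know it, so a forged submission fails the check."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Check the Origin header (Referer as fallback) against the allowed set.

    A state-changing request with neither header is refused rather than trusted."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def validate_profile_update(session_id: str, headers: dict, form: dict) -> tuple:
    """Gate for an assumed POST /profile/update: require a session, an allowed
    origin and a token that matches the one issued for that session."""
    if not session_id:
        return False, "no authenticated session"
    if not origin_allowed(headers):
        return False, "origin not allowed"
    submitted = str(form.get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so token checking does not leak timing information.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "csrf token mismatch"
    return True, "ok"


if __name__ == "__main__":
    sid = "sess-123"  # constructed session id
    token = issue_csrf_token(sid)
    same_site = {"Origin": "https://app.example.test"}
    print(validate_profile_update(sid, same_site, {"csrf_token": token, "email": "new@example.test"}))
    print(validate_profile_update(sid, {"Origin": "https://other.example.test"}, {"csrf_token": token}))
    print(validate_profile_update(sid, same_site, {"email": "new@example.test"}))
```

Both checks are needed: the origin check stops a browser-submitted cross-site form, and the token check covers clients or proxies that strip Origin and Referer.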