CVE-2021-47754
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: VulnCheck

Description
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47754
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arunna arunna 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in Arunna 1.0.0 that allows attackers to manipulate user profile settings without authentication. Attackers can craft malicious forms that trick authenticated users into submitting them, enabling changes to user details such as passwords, email addresses, and administrative privileges. [2, 3]

Impact Analysis

This vulnerability can impact you by allowing attackers to change your user profile settings without your consent, including sensitive information like passwords and email addresses, as well as administrative privileges. This can lead to unauthorized access, account takeover, and potential misuse of your account or system. [2, 3]

Detection Guidance

Detection of this CSRF vulnerability involves monitoring for unauthorized or suspicious HTTP requests that change user profile settings without proper authentication. Since the vulnerability allows attackers to craft malicious forms to manipulate user data, you can look for unusual POST requests to profile or admin endpoints that change passwords, emails, or privileges. Specific commands are not provided in the resources, but generally, you can use tools like curl or network monitoring tools to capture and analyze such requests. For example, using curl to simulate or detect suspicious POST requests or using web application firewalls (WAF) logs to identify unexpected parameter changes. However, no explicit detection commands are detailed in the provided resources. [2, 3]

Mitigation Strategies

Immediate mitigation steps include implementing proper CSRF protections such as adding anti-CSRF tokens to forms that modify user data, validating the origin of requests, and ensuring that sensitive actions require authentication and user interaction. Additionally, reviewing and updating the application to sanitize inputs and restrict unauthorized changes to user profiles is critical. Since the vulnerability allows attackers to manipulate user profile settings without authentication, enforcing strict access controls and session management is essential. The resources emphasize the lack of CSRF protections as the root cause and suggest responsible disclosure and patching as mitigation strategies. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47754. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart