Backdrop CMS Backdrop 1.20.0
Approved changes feed: RSS · Atom
cpe:2.3:a:backdropcms:backdrop:1.20.0:*:*:*:*:*:*:*
part: a version: 1.20.0 update: *
| Vendor | Backdropcms (c20e3035-f9db-563d-84ef-b3631140211a) |
|---|---|
| Product | Backdrop (912ed4e4-817c-5c61-a1b7-f8fcfa9394e6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/backdrop/backdrop |
purl2cpe | 2026-06-01 10:12:18.176148 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-45268 |
vulnerable | 2026-06-08 05:36:48.019181 |
Details available
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
Published: 2022-02-03T21:46:03.000Z
Updated: 2024-08-04T04:39:20.429Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.