A cross-site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24130
Reference(s):
- https://github.com/ponzu-cms/ponzu/issues/352

