CVE-2021-47754

Description

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.

PUBLISHED Reserved 2026-01-10 | Published 2026-01-15 | Updated 2026-01-26 | Assigner VulnCheck

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Credits

=(L_L)= finder

References

www.exploit-db.com/exploits/50608 exploit

web.archive.org/...ite-box-hacking-works-xss-csrf-in-arunna/ exploit

www.exploit-db.com/exploits/50608 (ExploitDB-50608) exploit

web.archive.org/...ite-box-hacking-works-xss-csrf-in-arunna/ (Archived Researcher Blog) exploit technical-description

github.com/arunna/arunna (Arunna GitHub Repository) product

cve.org (CVE-2021-47754)

nvd.nist.gov (CVE-2021-47754)

Download JSON