{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta7\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta7\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta8" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta8\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.1.0-beta8\\.2" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.1.0-beta.9" } ] }, "events": [ { "introduced": "0" }, { "fixed": "a720f6f65118e0389ffd7b14c43b6ea33821bccc" } ], "repo": "https://github.com/flarum/core", "type": "GIT" } ] } ], "details": "Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.", "id": "CVE-2019-13183", "modified": "2026-03-14T13:48:21.834321238Z", "published": "2019-07-07T15:15:10.307Z", "references": [ { "type": "ADVISORY", "url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released" }, { "type": "ADVISORY", "url": "https://github.com/flarum/core/blob/master/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6" } ], "related": [ "GHSA-3wjh-93gr-chh6" ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }