What is GHSA-7g3p-35vc-mgjr?

GHSA-7g3p-35vc-mgjr is a security advisory published by GitHub Security Advisories with Critical severity. Cotonti: Cross-Site Request Forgery in the administration rights handler

Which CVE IDs does GHSA-7g3p-35vc-mgjr cover?

GHSA-7g3p-35vc-mgjr covers the following CVE IDs: CVE-2026-55742. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7g3p-35vc-mgjr?

GHSA-7g3p-35vc-mgjr has a CVSS v3 base score of 9.6, published by GitHub Security Advisories.

Which products are affected by GHSA-7g3p-35vc-mgjr?

GHSA-7g3p-35vc-mgjr affects 1 product, including: composer/cotonti/cotonti:\u003c= 1.0.0.

GHSA-7g3p-35vc-mgjrCriticalCVSS 9.6

Cotonti: Cross-Site Request Forgery in the administration rights handler

Vendor

GitHub Security Advisories

Published

June 18, 2026

Last Modified

June 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-55742 →

📋 Description

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action ('a=update') modifies group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate the anti-CSRF token. A remote attacker who lures an authenticated administrator into visiting a malicious page can force the browser to submit a forged request that grants elevated permissions to an attacker-controlled group, escalating privileges to administrator. Because Cotonti administrators can modify templates and configuration, this can be further leveraged toward remote code execution.

🎯 Affected products1

composer/cotonti/cotonti:<= 1.0.0

🔗 CVE IDs covered (1)

📋 Description

🎯 Affected products1

🔗 References (4)