CVE-2021-47754

6.5 MEDIUM

📋 TL;DR

CVE-2021-47754 is a cross-site request forgery (CSRF) vulnerability in Arunna 1.0.0 that allows attackers to manipulate authenticated users into submitting malicious forms. This enables unauthorized changes to user profiles including passwords, email addresses, and administrative privileges. All users running Arunna 1.0.0 are affected.

💻 Affected Systems

Products:
  • Arunna
Versions: 1.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Arunna 1.0.0 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative privileges, take over user accounts, and potentially compromise the entire system by changing passwords and email addresses.

🟠 Likely Case

Attackers hijack user accounts by changing passwords and email addresses, leading to unauthorized access and data exposure.

🟢 If Mitigated

With proper CSRF protections, attackers cannot forge requests, maintaining normal authentication and authorization controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking authenticated users into visiting malicious pages with crafted forms.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1 or later

Vendor Advisory: https://github.com/arunna/arunna

Restart Required: Yes

Instructions:

1. Back up the current installation.
2. Download the latest version from GitHub.
3. Replace the vulnerable files with the patched version.
4. Restart the application.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add CSRF tokens to all state-changing forms and validate them server-side.

Modify form templates to include CSRF tokens and update the server-side validation logic.

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax on session cookies to prevent cross-site requests.

Set the session cookie with the SameSite=Strict attribute in the application configuration.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Require re-authentication for sensitive actions like password changes

🔍 How to Verify

Check if Vulnerable:

Confirm the installation is Arunna 1.0.0 and that its state-changing forms carry no CSRF protection token.

Check Version:

Check package.json or the application configuration for the version number.

Verify Fix Applied:

Verify version is 1.0.1 or later and forms include CSRF tokens that are validated.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed form submissions from same IP
  • Unusual profile modification patterns

Network Indicators:

  • Requests to profile endpoints without proper referrer headers
  • Cross-origin form submissions

SIEM Query:

sourceIP=* AND (uri="*/profile/update" OR uri="*/password/change") AND referrer NOT CONTAINS "yourdomain.com"
