CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php
Configurations

No configuration.

History

05 Jul 2026, 17:17

Type Values Removed Values Added
References
  • {'url': 'http://diskoverdata.com', 'source': 'cve@mitre.org'}

05 Jul 2026, 02:17

Type Values Removed Values Added
References
  • {'url': 'http://diskover-community.com', 'source': 'cve@mitre.org'}

27 Apr 2026, 18:16

Type Values Removed Values Added
CWE CWE-352
References () https://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38934 - () https://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38934 -
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

27 Apr 2026, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-27 17:16

Updated : 2026-07-05 17:17


NVD link : CVE-2026-38934

Mitre link : CVE-2026-38934

CVE.ORG link : CVE-2026-38934


JSON object : View

Products Affected

No product.

CWE
CWE-352

Cross-Site Request Forgery (CSRF)