CVE-2026-55745 - Cotonti CSRF in PFS folder edit allows unauthorized folder modification
CVE ID : CVE-2026-55745
Published : June 18, 2026, 6:07 a.m. | 1 hour, 35 minutes ago
Description : Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request...
cvefeed.io
Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.editfolder.php, the folder update action ('a=update') updates folder metadata (title, description, public/gallery flags) without calling cot_check_xg() to validate the anti-CSRF token. A remote attacker who lures an authenticated user into …
