{"id":"CVE-2022-4564","details":"A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability.","modified":"2026-02-23T01:25:08.901711Z","published":"2022-12-16T17:15:09.253Z","references":[{"type":"ADVISORY","url":"https://github.com/ucfopen/Materia/releases/tag/v9.0.1-alpha1"},{"type":"ADVISORY","url":"https://vuldb.com/?id.215973"},{"type":"REPORT","url":"https://vuldb.com/?id.215973"},{"type":"FIX","url":"https://github.com/ucfopen/Materia/commit/af259115d2e8f17068e61902151ee8a9dbac397b"},{"type":"FIX","url":"https://github.com/ucfopen/Materia/pull/1371"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ucfopen/materia","events":[{"introduced":"0"},{"fixed":"aa52b5b32843425510b8c6e6ef8ee6b9f12534f8"},{"introduced":"0"},{"fixed":"af259115d2e8f17068e61902151ee8a9dbac397b"}]}],"versions":["v3.3.1","v3.4.0","v3.4.1","v3.4.2","v3.4.3","v3.5.0","v3.5.1","v3.5.2","v3.6.0","v3.6.1","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.7.0","v4.0.0","v5.0.0","v5.0.0-alpha1","v5.0.0-rc1","v5.0.0-rc2","v5.0.0-rc3","v5.0.0-rc4","v5.0.0-rc5","v5.0.0-rc6","v6.0.0","v6.0.0-alpha1","v6.0.0-alpha2","v6.0.0-alpha3","v6.0.0-alpha4","v6.0.1","v6.0.1-alpha1","v6.0.2","v7.0.0","v7.0.1","v8.0.0","v8.0.1","v9.0.0","v9.0.0-alpha1","v9.0.0-alpha2","v9.0.0-alpha3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4564.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}