| عنوان | Sitemagic CMS v4.4.1 - Multiple Cross-Site-Request-Forgery (CSRF) |
|---|
| الوصف | It was observed that the application did not contain any Cross-Site Request Forgery protection. This allows attackers to cause application users or administrators to carry out functionality on their behalf, such as adding a new administrative user or changing a user's details.
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. As the request inherits the identity of the victim, it can perform any function on the victim's behalf, like change the victim's e-mail address, home address, password, or purchase something.
In this particular case, it could be possible for an attacker to trick the victim into performing administrative action, change the site contents, add tabs, upload web shells or other malicious files, and other critical actions that may allow the attacker to entirely compromise the hosting server.
The vulnerability, discovered in version 4.4.1, had been fixed in 4.4.2. The CVE ID assigned to this vulnerability is CVE-2019-18220.
|
|---|
| المصدر | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 21/10/2019 05:17 PM (7 سنوات منذ) |
|---|
| الاعتدال | 22/10/2019 09:17 AM (16 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 144008 [Codemagic Sitemagic CMS 4.4.1 تزوير طلبات عبر المواقع] |
|---|
| النقاط | 20 |
|---|