CVE-2019-20390 in Subrioninformación

Resumen

por MITRE

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Fuentes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!