CVE-2019-20390 in Subrioninformazioni

Riassunto

di MITRE

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Fonti

Do you need the next level of professionalism?

Upgrade your account now!