CVE-2019-20390 in Subrion情報

要約

〜によって MITRE

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

予約する

2020年01月22日

モデレーション

承諾済み

エントリ

VDB-155314

EPSS

0.00675

アクティビティ

非常低い

ソース

Want to stay up to date on a daily basis?

Enable the mail alert feature now!