| Название | Sitemagic CMS v4.4.1 - Multiple Cross-Site-Request-Forgery (CSRF) |
|---|
| Описание | It was observed that the application did not contain any Cross-Site Request Forgery protection. This allows attackers to cause application users or administrators to carry out functionality on their behalf, such as adding a new administrative user or changing a user's details.
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. As the request inherits the identity of the victim, it can perform any function on the victim's behalf, like change the victim's e-mail address, home address, password, or purchase something.
In this particular case, it could be possible for an attacker to trick the victim into performing administrative action, change the site contents, add tabs, upload web shells or other malicious files, and other critical actions that may allow the attacker to entirely compromise the hosting server.
The vulnerability, discovered in version 4.4.1, had been fixed in 4.4.2. The CVE ID assigned to this vulnerability is CVE-2019-18220.
|
|---|
| Источник | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 21.10.2019 17:17 (7 лет назад) |
|---|
| Модерация | 22.10.2019 09:17 (16 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 144008 [Codemagic Sitemagic CMS 4.4.1 подделка межсайтовых запросов] |
|---|
| Баллы | 20 |
|---|