Submit #105: Sitemagic CMS v4.4.1 - Multiple Cross-Site-Request-Forgery (CSRF) info

Title: Sitemagic CMS v4.4.1 - Multiple Cross-Site-Request-Forgery (CSRF)
Description: It was observed that the application did not contain any Cross-Site Request Forgery protection. This allows attackers to cause application users or administrators to carry out functionality on their behalf, such as adding a new administrative user or changing a user's details. Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. As the request inherits the identity of the victim, it can perform any function on the victim's behalf, like change the victim's e-mail address, home address, password, or purchase something. In this particular case, it could be possible for an attacker to trick the victim into performing administrative action, change the site contents, add tabs, upload web shells or other malicious files, and other critical actions that may allow the attacker to entirely compromise the hosting server. The vulnerability, discovered in version 4.4.1, had been fixed in 4.4.2. The CVE ID assigned to this vulnerability is CVE-2019-18220.
Source: https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt
User: Anonymous User
Submission: 21/10/2019 17:17 (7 years ago)
Moderation: 22/10/2019 09:17 (16 hours later)
Status: Accepted
VulDB entry: 144008 [Codemagic Sitemagic CMS 4.4.1 cross-site request forgery]
Points: 20
