Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-c4wx-3x5q-hf4w

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 8.1

Описание

Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

Ссылки

Пакеты

Наименование

intelliants/subrion

composer
Затронутые версииВерсия исправления

= 4.2.1

Отсутствует

EPSS

Процентиль: 48%
0.00247
Низкий

8.1 High

CVSS3

CVE ID

CVE-2019-20390

Дефекты

CWE-352

Связанные уязвимости

nvd логотип

CVE-2019-20390

CVSS3: 8.1
nvd
больше 5 лет назад

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

EPSS

Процентиль: 48%
0.00247
Низкий

8.1 High

CVSS3

CVE ID

CVE-2019-20390

Дефекты

CWE-352