Описание
CSRF in PHP Server Monitor before 3.3.2
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-18921
- https://github.com/phpservermon/phpservermon/issues/670#issuecomment-440873239
- https://github.com/phpservermon/phpservermon/commit/30150714a8af0c82259b733f604fce54c0dcbf40
- https://medium.com/bugbountywriteup/cve-2018-18921-php-server-monitor-3-3-1-cross-site-request-forgery-a73e8dae563
Пакеты
Наименование
phpservermon/phpservermon
composer
Затронутые версииВерсия исправления
<= 3.3.1
3.3.2
Связанные уязвимости
CVSS3: 6.5
nvd
около 7 лет назад
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.