Description
A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Product, Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
- Product, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.10.3
cpe:2.3:a:streama_project:streama:*:*:*:*:*:*:*:*
EPSS: 0.00172 (percentile: 39%), Low
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
github
more than 3 years ago
A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.