Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-W8FQ-XGVH-CXC2
HistoryMay 23, 2024 - 2:41 p.m.

Silverstripe Forum Module CSRF Vulnerability

2024-05-2314:41:16
CWE-352
CWE-425
GitHub Advisory Database
github.com
1
silverstripe
forum
csrf
vulnerability
malicious user
get requests
members
forums
csrf bypass
anti-spam
forum moderator
specially crafted url
topic moved
michael strong
discovery

7.1 High

AI Score

Confidence

High

JSON

A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures.

Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.

Thanks to Michael Strong for discovering.

Affected configurations

Vulners
Node
silverstripesilverstripeRange0.7.3
OR
silverstripesilverstripeRange0.6.1

7.1 High

AI Score

Confidence

High

JSON