Lucene search
GoogleOSV:GHSA-C4WX-3X5Q-HF4WHistoryMay 24, 2022 - 5:17 p.m.
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability
2022-05-2417:17:57
Google
osv.dev
4
subrion cms
cross-site request forgery
csrf
vulnerability
remote attacker
file removal
server
authenticated user
validation failure
get request
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim’s knowledge, by enticing an authenticated user to visit an attacker’s web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.
Related
veracode
veracode
Cross-site Request Forgery (CSRF)
2020-05-18 08:23:33
nvd
nvd
CVE-2019-20390
2020-05-15 18:15:13
prion
prion
Cross site request forgery (csrf)
2020-05-15 18:15:00
osv
osv
CVE-2019-20390
2020-05-15 18:15:13
github
github
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability
2022-05-24 17:17:57
packetstorm
packetstorm
Subrion CMS 4.2.1 Cross Site Request Forgery
2020-05-14 00:00:00
cvelist
cvelist
CVE-2019-20390
2020-05-15 17:07:56
cve
cve
CVE-2019-20390
2020-05-15 18:15:13