OSV:GHSA-W8FQ-XGVH-CXC2 (osv, Google)
History: May 23, 2024 - 2:41 p.m.

Silverstripe Forum Module CSRF Vulnerability

2024-05-23 14:41:16
Google
osv.dev
silverstripe
forum module
csrf vulnerability
form actions
anti-spam measures
moderator click vulnerability
michael strong

7.1 High

AI Score

Confidence

High

A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures.

Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.

Thanks to Michael Strong for discovering.
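
The class of fix the advisory implies, as an added example that is not the Forum module's code or Silverstripe's API: a framework-independent dispatcher that refuses state-changing actions unless they arrive as POST with the session's CSRF token. The action names, parameters and forum state are hypothetical, since the advisory does not list the affected handlers.

```python
import hmac
import secrets

# Hypothetical action names; the advisory does not name the affected handlers.
STATE_CHANGING = {"register", "post_message", "move_topic"}


def issue_token(session):
    """Create a per-session CSRF token and keep it server-side."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def dispatch(method, action, params, session, handlers):
    """Route a request to an action handler and return (status, body).

    State-changing actions run only for POST requests that carry the
    session's token, so a crafted link (a GET) cannot trigger them.
    """
    handler = handlers.get(action)
    if handler is None:
        return 404, "unknown action"
    if action in STATE_CHANGING:
        if method != "POST":
            return 405, "POST required"
        expected = session.get("csrf", "")
        supplied = str(params.get("csrf", ""))
        # Constant-time comparison; an empty stored token never matches.
        if not expected or not hmac.compare_digest(
            expected.encode(), supplied.encode()
        ):
            return 400, "invalid CSRF token"
    return 200, handler(params, session)


def build_demo():
    """Constructed forum state and handlers for the demonstration."""
    topics = {7: "general"}

    def move_topic(params, session):
        topics[int(params["topic"])] = params["forum"]
        return "moved"

    def view(params, session):
        return topics[int(params["topic"])]

    return topics, {"move_topic": move_topic, "view": view}
```

Read-only actions such as `view` stay reachable by GET; only the actions listed in `STATE_CHANGING` go through the method and token checks.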
