Cross site request forgery (csrf)

2010-09-2421:00:00

PRIOn knowledge base

www.prio-n.com

AI Score

7.9

Confidence

Low

EPSS

0.008

Percentile

81.9%

JSON

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.

References

osvdb.org/68060

packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf

packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt

secunia.com/advisories/41481

www.mojoportal.com/mojoportal-2352-released.aspx

exchange.xforce.ibmcloud.com/vulnerabilities/61834

www.exploit-db.com/exploits/15018