4 matches found
Backdrop CMS Cross-Site Request Forgery Vulnerability
Backdrop CMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in Backdrop CMS, which stems from obtaining remote code execution RCE on a hosted web server by uploading a malicious add-on with a crafted PHP file. No details of the vulnerability are...
CVE-2021-45268
A Cross Site Request Forgery CSRF vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cook...
Backdrop CMS 跨站请求伪造漏洞
Backdrop CMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in Backdrop CMS, which stems from obtaining remote code execution RCE on a hosted web server by uploading a malicious add-on with a crafted PHP file. No details of the vulnerability are...
Google to Ditch Public Key Pinning in Chrome
Google said that in an upcoming version of Chrome it will deprecate the browser’s support for HTTP public key pinning. Instead, it will adopt the “safer” more flexible solution of Expect-CT headers. HTTP public key pinning HPKP is a browser security measure that protects against an SSL certificat...