PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

WPVDB-ID: 0BD25283-E079-4010-B139-CCE9AFB1D54D
Source: wpvulndb (wpscan.com)
Reporter: Daniel Ruf
Published: May 30, 2022

EPSS: 0.001 (Low), percentile 26.4%

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
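As an added example (not PDF24's code; every option, action and field name below is invented), a WordPress settings handler with the missing-nonce pattern the advisory describes beside its hardened form:

```php
<?php
// Hypothetical WordPress plugin settings code, added as an illustration.
// Not PDF24's code: option, action and field names are made up.

// Vulnerable pattern: only a capability check, no proof the admin intended the request.
// A page on another origin can auto-submit a POST to this handler; the admin's
// session cookie is sent automatically, so the settings change is accepted.
function example_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // No nonce check here: the request may have been forged by a third-party page.
    update_option( 'example_plugin_api_key',
        sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin' ) );
    exit;
}

// Hardened pattern: the form carries a nonce bound to this action and user,
// and the handler verifies it before touching any option.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <label>API key <input type="text" name="api_key"
            value="<?php echo esc_attr( get_option( 'example_plugin_api_key', '' ) ); ?>"></label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_save_settings_hardened() {
    // Capability check: only administrators may change settings at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops the request if the nonce is missing, expired,
    // or was issued for a different user or action.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    update_option( 'example_plugin_api_key',
        sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings_hardened' );
```

A cross-origin page cannot read the nonce value (same-origin policy), so a forged POST fails the `check_admin_referer` call even though the admin's cookies are attached.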

PoC


CPE
Name               Operator  Version
pdf24-post-to-pdf  eq        *
