PT-2008-2765 · Torrenttrader · Torrenttrader Classic
Dominus
+1
·
Publicado
2008-03-06
·
Atualizado
2018-10-11
·
CVE-2008-1172
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
TorrentTrader Classic version 1.08
Description
The issue concerns cross-site request forgery (CSRF) vulnerabilities in the account-inbox.php file. This allows remote attackers to perform certain actions as other users, such as sending messages.
Recommendations
For TorrentTrader Classic version 1.08, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized actions. As a temporary workaround, restrict access to the account-inbox.php file to minimize the risk of exploitation.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Torrenttrader Classic