CVE-2015-5534

Name of the Vulnerable Software and Affected Versions Oxwall versions prior to 1.8

Description The issue allows remote attackers to hijack the authentication of administrators for requests. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. Specifically, attackers can put the website under maintenance via the maintenance enable parameter or conduct cross-site scripting (XSS) attacks via the maintenance text parameter to "admin/pages/maintenance".

Recommendations For versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/pages/maintenance" endpoint to minimize the risk of exploitation. Avoid using the maintenance enable and maintenance text parameters in this endpoint until the issue is resolved.