PT-2015-7281 · Phpliteadmin · Phpliteadmin
Publicado
2015-08-18
·
Atualizado
2019-03-12
·
CVE-2015-6517
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpLiteAdmin version 1.1
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests, specifically to drop database tables via the
droptable parameter to the "phpliteadmin.php" endpoint.Recommendations
For phpLiteAdmin version 1.1, consider disabling access to the "phpliteadmin.php" endpoint until a patch is available, or restrict the use of the
droptable parameter to prevent unauthorized database modifications.Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phpliteadmin