PT-2017-13758 · Tiki · Tiki
Chbi
·
Published
2017-09-29
·
Updated
2017-10-06
·
CVE-2017-14924
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tiki versions prior to 16.3
Tiki versions 17.x prior to 17.1
Tiki versions 12.x prior to 12.12 LTS
Tiki versions 15.x prior to 15.5 LTS
Description
A Cross-Site Request Forgery (CSRF) issue exists via the IMG element, related to the tiki-assignuser.php file. An authenticated user can gain administrator privileges if an administrator opens a wiki page containing a malicious IMG element: the administrator's browser fetches the image URL with the administrator's session, so the request is processed with administrator rights.
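The following is an added example and not Tiki code: it models, in a few lines of Python, why an image-triggered request made with an administrator's session can change state, and how a POST-only rule plus a per-session synchronizer token (compared in constant time) stops it. All names (`Session`, `Request`, `assign_role_vulnerable`, `assign_role_hardened`, the `csrf_token` parameter) are hypothetical and do not correspond to tiki-assignuser.php.

```python
# Added example (not Tiki code): an <img>-triggered request carries the
# victim's session cookie, so a GET handler that only checks "is admin?"
# performs the attacker-chosen action. A synchronizer token fixes that.
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session; a CSRF token is generated once per session."""
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """A request as the server sees it. For a cross-site <img src=...> fetch the
    browser attaches the victim's cookie, so `session` is the victim's session
    even though the attacker chose the URL and its parameters."""
    method: str
    params: dict
    session: Session


class Forbidden(Exception):
    pass


def assign_role_vulnerable(req: Request, roles: dict) -> dict:
    """Hypothetical 'before' handler: accepts GET and checks only that the
    session belongs to an admin. An <img> viewed by an admin satisfies that."""
    if not req.session.is_admin:
        raise Forbidden("admin only")
    roles[req.params["user"]] = req.params["role"]
    return roles


def assign_role_hardened(req: Request, roles: dict) -> dict:
    """Hardened handler: state changes require POST (an <img> can only issue
    GET) and a token the attacker cannot read from another origin."""
    if req.method != "POST":
        raise Forbidden("state change requires POST")
    supplied = req.params.get("csrf_token", "")
    # constant-time comparison avoids leaking the token through timing
    if not hmac.compare_digest(supplied, req.session.csrf_token):
        raise Forbidden("missing or invalid CSRF token")
    if not req.session.is_admin:
        raise Forbidden("admin only")
    roles[req.params["user"]] = req.params["role"]
    return roles


def simulate(handler) -> dict:
    """Replay three constructed requests against `handler` and report which
    ones were accepted. Constructed data, not captured traffic."""
    admin = Session(user="admin", is_admin=True)
    # (a) forged: attacker-chosen GET URL, fetched with the admin's cookie
    forged = Request("GET", {"user": "attacker", "role": "admin"}, admin)
    # (b) legitimate: the admin's own form submission carrying the session token
    legit = Request("POST", {"user": "bob", "role": "editor",
                             "csrf_token": admin.csrf_token}, admin)
    # (c) POST with a guessed token: same-origin policy hides the real one
    guessed = Request("POST", {"user": "attacker", "role": "admin",
                               "csrf_token": "guess"}, admin)
    outcome = {}
    for name, req in (("forged_get", forged), ("legit_post", legit),
                      ("guessed_token", guessed)):
        roles = {"bob": "viewer"}
        try:
            handler(req, roles)
            outcome[name] = "accepted"
        except Forbidden as exc:
            outcome[name] = f"rejected: {exc}"
    return outcome


if __name__ == "__main__":
    print("vulnerable:", simulate(assign_role_vulnerable))
    print("hardened:  ", simulate(assign_role_hardened))
```

The vulnerable handler accepts the forged GET; the hardened one rejects both the GET and the guessed-token POST while still accepting the administrator's genuine form submission. Requiring POST alone is not sufficient in general (a cross-site form can POST), which is why the token check is the part that actually closes the hole.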
Recommendations
For Tiki versions prior to 16.3, update to version 16.3 or later.
For Tiki versions 17.x prior to 17.1, update to version 17.1 or later.
For Tiki versions 12.x prior to 12.12 LTS, update to version 12.12 LTS or later.
For Tiki versions 15.x prior to 15.5 LTS, update to version 15.5 LTS or later.
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Tiki