CVE-2017-15063

Name of the Vulnerable Software and Affected Versions Subrion CMS versions 4.1.x through 4.1.5 Subrion CMS versions before 4.2.0

Description The issue arises from a logic error in the code, specifically in the ia.core.php file, where the CSRF detection functionality is called too late. This allows for potential attacks, such as those targeting the query parameter in the "panel/database" endpoint.

Recommendations For Subrion CMS versions 4.1.x through 4.1.5, update to version 4.2.0 or later to resolve the issue. For Subrion CMS versions before 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ia.core.php code and the "panel/database" endpoint to minimize the risk of exploitation.