PT-2018-13093 · Tp5Cms · Tp5Cms

Sunj3To

·

Publicado

2018-08-20

·

Atualizado

2018-11-01

·

CVE-2018-15568

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions tp5cms versions prior to 2017-05-25
Description The issue allows for CSRF via the "admin.php/category/delete.html" endpoint. This can potentially lead to unauthorized actions on the affected system.
Recommendations For versions prior to 2017-05-25, as a temporary workaround, consider restricting access to the "admin.php/category/delete.html" endpoint until a patch is available.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-15568

Produtos afetados

Tp5Cms