CVE-2019-16059

Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2

Description The issue lacks CSRF protection, which could allow an attacker to trick the administrator into executing arbitrary code. This can be achieved by accessing the "index.php/dashboard/viewprofile" API endpoint via a crafted HTML page.

Recommendations For Sentrifugo version 3.2, consider implementing CSRF protection mechanisms to prevent attackers from tricking administrators into executing arbitrary code. As a temporary workaround, restrict access to the "index.php/dashboard/viewprofile" endpoint to minimize the risk of exploitation.