PT-2019-7553 · Redaxo · Redaxo
Publicado
2019-05-24
·
Atualizado
2019-05-28
·
CVE-2016-10757
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Redaxo version 5.2.0
Description
The issue affects the cron management in the admin panel, where a CSRF vulnerability can lead to arbitrary Remote Code Execution. This is achieved through the
addons/cronjob/lib/types/phpcode.php file.Recommendations
For Redaxo version 5.2.0, consider disabling access to the
addons/cronjob/lib/types/phpcode.php file as a temporary workaround until a patch is available. Restrict access to the cron management feature in the admin panel to minimize the risk of exploitation.Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Redaxo