CVE-2008-4448

Name of the Vulnerable Software and Affected Versions: Positive Software H-Sphere WebShell version 4.3.10

Description: A cross-site request forgery (CSRF) issue allows remote attackers to perform unauthorized actions as an administrator. This includes file deletion and creation via a link or IMG tag to certain actions, such as overkill, futils, or edit actions.

Recommendations: For Positive Software H-Sphere WebShell version 4.3.10, consider implementing CSRF protection mechanisms to prevent unauthorized actions. As a temporary workaround, restrict access to the actions.php file and its associated actions until a patch is available. Avoid using links or IMG tags that could trigger the overkill, futils, or edit actions in the affected API endpoint until the issue is resolved.