PT-2010-4949 · Mojoportal · Mojoportal

George Birbilis · Published 2010-09-24 · Updated 2017-08-17 · CVE-2010-3603

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: mojoPortal versions 2.3.4.3 through 2.3.5.1
Description: A cross-site request forgery (CSRF) vulnerability exists in the file manager service, specifically in the Services/FileService.ashx endpoint. Because the endpoint relies only on the administrator's session cookie, which the browser attaches automatically, a remote attacker who gets a logged-in administrator to load a crafted page can hijack that administrator's authentication and have the endpoint rename arbitrary files. For example, renaming (moving) the user.config file stops the service, resulting in a denial of service, and attacker-controlled renames may also expose sensitive information.
Recommendations: For versions 2.3.4.3 through 2.3.5.1, disable the Services/FileService.ashx endpoint until a fixed release has been applied, and restrict access to the file manager service to minimize the risk of unauthorized file modifications. A proper fix must make the endpoint verify that each state-changing request originates from the application itself (for example, an anti-forgery token bound to the administrator's session and an Origin/Referer check), since a valid session cookie alone is present on a cross-site request as well.
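The following is an added illustration, not mojoPortal's own code and not the real FileService.ashx handler, whose parameter names the page does not give. It models a cookie-authenticated rename endpoint the way the description characterises it, beside a hardened version that adds a per-session synchronizer token and a strict Origin/Referer check. The request shape, the session store, the parameter names (action, old, new, __csrf) and the hostnames are all assumptions made for the example. Both handlers run over constructed requests: a forged cross-site POST carrying the administrator's cookie succeeds against the vulnerable handler and moves user.config, while the hardened handler rejects it and still accepts the legitimate same-origin request.

```python
"""Toy model of a CSRF-exposed rename endpoint and its hardened form.

Hypothetical example: the handler, parameter names and session store are
assumptions for illustration, not mojoPortal's real implementation.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed server-side session store: session id -> user + CSRF token.
SESSIONS = {
    "sess-admin-1": {"user": "admin", "csrf": secrets.token_hex(16)},
}
SITE_ORIGIN = "https://portal.example"  # assumed origin of the application


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as seen by an .ashx handler."""
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def _do_rename(req, files):
    """Shared business logic: rename a key in the in-memory 'file system'."""
    if req.form.get("action") != "rename":
        return 400, "unknown action"
    old, new = req.form.get("old"), req.form.get("new")
    if old not in files or not new:
        return 404, "no such file"
    files[new] = files.pop(old)
    return 200, "renamed"


def rename_vulnerable(req, files):
    """Authenticates by session cookie only.

    The browser attaches the cookie to any request, including one that an
    attacker's page submits, so an administrator's session can be hijacked.
    """
    if req.cookies.get("sid") not in SESSIONS:
        return 401, "not authenticated"
    return _do_rename(req, files)


def _same_origin(req):
    """Accept only if Origin (or, failing that, Referer) matches SITE_ORIGIN.

    A missing header is treated as cross-site; comparing scheme+host exactly
    avoids the prefix trap of 'https://portal.example.attacker.example'.
    """
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def rename_hardened(req, files):
    """Cookie + POST only + same-origin check + per-session anti-forgery token."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "not authenticated"
    if req.method != "POST":
        return 405, "method not allowed"
    if not _same_origin(req):
        return 403, "cross-site request rejected"
    # Constant-time compare of the submitted token with the session's token.
    if not hmac.compare_digest(req.form.get("__csrf", ""), sess["csrf"]):
        return 403, "missing or invalid anti-forgery token"
    return _do_rename(req, files)


def demo():
    """Run forged and legitimate requests against both handlers."""
    sid = "sess-admin-1"
    rename_form = {"action": "rename", "old": "user.config", "new": "user.config.bak"}
    # Forged: submitted from attacker.example; the victim's browser adds the cookie.
    forged = Request("POST", {"sid": sid}, dict(rename_form),
                     {"Origin": "https://attacker.example"})
    # Forged with a look-alike Referer host and no Origin header.
    lookalike = Request("POST", {"sid": sid}, dict(rename_form),
                        {"Referer": "https://portal.example.attacker.example/x"})
    # Legitimate: same origin and carries the token rendered into the admin page.
    legit = Request("POST", {"sid": sid},
                    {**rename_form, "__csrf": SESSIONS[sid]["csrf"]},
                    {"Origin": SITE_ORIGIN})

    vuln_files = {"user.config": "<config/>"}
    hard_files = {"user.config": "<config/>"}
    return {
        "vulnerable_forged": rename_vulnerable(forged, vuln_files),
        "hardened_forged": rename_hardened(forged, hard_files),
        "hardened_lookalike": rename_hardened(lookalike, hard_files),
        "hardened_legit": rename_hardened(legit, hard_files),
        "vuln_files": vuln_files,
        "hard_files": hard_files,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The token check is what actually closes the hole; the Origin/Referer check is defence in depth, since some clients omit both headers and the hardened handler then fails closed. On a real deployment the token would be rendered into the file manager page and sent with every state-changing request, and a disabled or access-restricted endpoint remains the interim mitigation the advisory describes.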

Tags: Exploit · Fix · DoS · CSRF


Weakness Enumeration

Related Identifiers: CVE-2010-3603

Affected Products: Mojoportal