PT-2011-3497 · Unknown · Post Revolution
Javier Bassi
·
Published
2011-06-06
·
Updated
2018-10-09
·
CVE-2011-1954
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Post Revolution versions 0.8.0c-2 and earlier
Description
The issue allows remote attackers to hijack the authentication of arbitrary users for requests to specific API endpoints, including "ajax-weblog-guardar.php", "verpost.php", "comments.php", and "perfil.php".
Recommendations
For Post Revolution versions 0.8.0c-2 and earlier, as a temporary workaround, consider restricting access to the affected API endpoints until a patch is available.
Avoid using the affected endpoints in "ajax-weblog-guardar.php", "verpost.php", "comments.php", and "perfil.php" to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Post Revolution