PT-2017-13842 · Intelliants · Subrion Cms
9Emin1
·
Published
2017-10-06
·
Updated
2022-05-14
·
CVE-2017-15063
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Subrion CMS versions 4.1.x through 4.1.5
Subrion CMS versions before 4.2.0
Description
The issue arises from a logic error in the code, specifically in the ia.core.php file, where the CSRF detection functionality is called too late. This allows for potential attacks, such as those targeting the
query parameter in the "panel/database" endpoint.Recommendations
For Subrion CMS versions 4.1.x through 4.1.5, update to version 4.2.0 or later to resolve the issue.
For Subrion CMS versions before 4.2.0, update to version 4.2.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the ia.core.php code and the "panel/database" endpoint to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Subrion Cms