PT-2017-6770 · Spina · Spina

Published: 2017-09-07 · Updated: 2018-08-28 · CVE-2015-4619

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Spina versions prior to commit bfe44f289e336f80b6593032679300c493735e75

Description

The issue is a cross-site request forgery (CSRF) vulnerability. It affects the Spina::ApplicationController actions, which lacked CSRF protection. This results in a CSRF vulnerability across the entire engine, including administrative functionality such as creating users, changing passwords, and media management.

Recommendations

For versions prior to commit bfe44f289e336f80b6593032679300c493735e75, update to a version that includes the fix for this issue. As a temporary workaround, consider implementing CSRF protection for Spina::ApplicationController actions to minimize the risk of exploitation. Restrict access to administrative functionality, such as creating users, changing passwords, and media management, until the issue is resolved.
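The control whose absence the description reports, modelled as an added example in plain Ruby so it runs without Rails; this is not Spina's or Rails' own code, and the contents of the upstream fix commit are not reproduced here. It assumes requests and sessions are plain hashes, uses hypothetical function names, and constructs its sample traffic inline. The behaviour of dispatch_protected corresponds to what enabling Rails' protect_from_forgery with: :exception on Spina::ApplicationController gives you, which is the workaround the recommendation describes; the token handling is deliberately simplified (no per-request token masking).

```ruby
require "securerandom"

# Raised when a state-changing request arrives without a valid token,
# mirroring the role of ActionController::InvalidAuthenticityToken.
class InvalidAuthenticityToken < StandardError; end

# HTTP methods that must not change state and therefore need no token.
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# Issue (or reuse) the per-session token that every form and XHR echoes back.
def csrf_token_for(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Rails accepts the token either as the authenticity_token form field
# or, for XHR, as the X-CSRF-Token request header.
def token_from_request(request)
  request[:params]["authenticity_token"] || request[:headers]["X-CSRF-Token"]
end

# Constant-time comparison so the check does not leak the token via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# true when the request may proceed: safe methods always, everything else
# only when it carries a token equal to the one stored in the session.
def verified_request?(request, session)
  return true if SAFE_METHODS.include?(request[:method].to_s.upcase)
  expected = session[:_csrf_token]
  provided = token_from_request(request)
  return false if expected.nil? || provided.nil?
  secure_equal?(expected, provided)
end

# How the unpatched engine behaved: the action ran regardless of any token,
# so a cross-site POST carrying the admin's session cookie went through.
def dispatch_unprotected(_request, _session)
  :action_executed
end

# Behaviour equivalent to `protect_from_forgery with: :exception` in the
# engine's ApplicationController: unverified state-changing requests are
# rejected before the action runs.
def dispatch_protected(request, session)
  raise InvalidAuthenticityToken unless verified_request?(request, session)
  :action_executed
end

# Constructed sample traffic (not captured from a real deployment).
def demo
  session = { user_id: 1 }               # an authenticated admin session
  token = csrf_token_for(session)

  # Cross-site POST: the browser attaches the session cookie automatically,
  # but the foreign origin cannot read the token, so none is present.
  forged = { method: "POST", params: { "user" => { "email" => "constructed@example.invalid" } }, headers: {} }

  # POST from the engine's own form, which embedded the token.
  legitimate = { method: "POST", params: { "authenticity_token" => token }, headers: {} }

  {
    unprotected_forged: dispatch_unprotected(forged, session),
    protected_legit: dispatch_protected(legitimate, session),
    protected_forged: begin
      dispatch_protected(forged, session)
    rescue InvalidAuthenticityToken
      :rejected
    end
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file shows the three outcomes side by side: the forged request is executed by the unprotected dispatcher and rejected by the protected one, while the legitimate form post still succeeds. Rejecting on a missing token, not only on a wrong one, is the part that matters for this advisory, since a cross-origin page can submit the request but cannot supply the token.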

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2015-4619
GHSA-2HXV-MX8X-MCJ9

Affected Products

Spina