PT-2018-11804 · Jirafeau · Jirafeau

Published

2018-07-06

Updated

2018-08-23

CVE-2018-13407

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Jirafeau versions prior to 3.4.1

Description A CSRF issue was discovered in the "delete file" feature on the admin panel, which is not protected against automated requests and could be abused.

Recommendations For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin panel to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-13407

Affected Products

Jirafeau

PT-2018-11804 · Jirafeau · Jirafeau

CVE-2018-13407

Weakness Enumeration

Related Identifiers

Affected Products

References · 3