PT-2018-18014 · Danwin · Danwin
Pehelwan · Published 2018-02-21 · Updated 2018-03-16 · CVE-2018-7308
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DanWin hosting versions through 2018-02-11
Description
A CSRF issue was found in var/www/html/files.php that allows arbitrary remote users to add, delete, or modify any files in any hosting account.
Recommendations
For versions through 2018-02-11, update to a version released after 2018-02-11 to resolve the issue. As a temporary workaround, consider restricting access to the files.php file to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Danwin