PT-2020-7113 · Unknown · Websitebaker

Aung Khant

Published

2020-01-14

Updated

2020-01-17

CVE-2011-2934

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WebsiteBaker versions 2.8.1 and earlier

Description A Cross Site Request Forgery (CSRF) issue exists in the administrator functions due to inadequate confirmation for sensitive transactions.

Recommendations For versions 2.8.1 and earlier, consider implementing additional confirmation steps for sensitive transactions to mitigate the risk of CSRF attacks. As a temporary workaround, restrict access to administrator functions until a fix is available.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2011-2934

Affected Products

Websitebaker

PT-2020-7113 · Unknown · Websitebaker

CVE-2011-2934

Weakness Enumeration

Related Identifiers

Affected Products

References · 3