PT-2020-7119 · Unknown · Advanced Electron Forum

Aung Khant · Published 2020-01-22 · Updated 2020-01-27 · CVE-2011-3582

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Advanced Electron Forums (AEF) versions 1.0.0 through 1.0.9

Description: A Cross-site Request Forgery (CSRF) issue exists due to inadequate confirmation for sensitive transactions in the administrator functions.

Recommendations: For versions 1.0.0 through 1.0.9, consider implementing proper confirmation mechanisms for sensitive transactions in administrator functions to mitigate the risk of exploitation. As a temporary workaround, restrict access to administrator functions until a proper fix is applied.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2011-3582

Affected Products: Advanced Electron Forum