CSRF security issue affecting GET requests (CVE-2015-4168)


Date: 18.07.2015 13:41

Ankit Bharathan of provensec llc discovered another CSRF security issue affecting HTTP GET requests. Thanks to him for reporting this issue.
All versions of UliCMS are affected.

An attacker could get a user to click on a manipulated link that executes actions such as the deletion of a dataset.

Since UliCMS does not check whether the action is triggered from within the UliCMS backend or from an external source, the dataset is deleted without confirmation.

The threat level is rated as medium. The vulnerability has the CVE-ID CVE-2015-4168.

The developer would like to announce that he is starting work on a patch to fix this issue.
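
The missing check described above, sketched as an added example: this is not UliCMS code and not the developer's patch. The function names, the `csrf_token` field and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler logic, not UliCMS code or its patch.

// Create one random token per session; the backend embeds it in its own forms.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a state-changing action (here: deleting a dataset) may run.
function may_delete(string $method, array $params, array $session): bool
{
    // Following a link always issues a GET, so GET must never change state.
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false;
    }
    // Constant-time comparison of the session token with the submitted one.
    return hash_equals($expected, $supplied);
}

// Constructed sample requests against one logged-in session.
$session = [];
$token = issue_csrf_token($session);
$cases = [
    'GET link, no token'     => ['GET',  ['action' => 'delete', 'id' => '7']],
    'GET link, token in URL' => ['GET',  ['id' => '7', 'csrf_token' => $token]],
    'POST without token'     => ['POST', ['id' => '7']],
    'POST with wrong token'  => ['POST', ['id' => '7', 'csrf_token' => 'guess']],
    'POST from backend form' => ['POST', ['id' => '7', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $params]) {
    $verdict = may_delete($method, $params, $session) ? 'allowed' : 'rejected';
    printf("%-26s %s\n", $label, $verdict);
}
```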
