CVE-2017-15063

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
References
Link Resource
https://github.com/intelliants/subrion/issues/547 Issue Tracking Patch Vendor Advisory
https://github.com/intelliants/subrion/issues/570 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:intelliants:subrion:*:*:*:*:*:*:*:*

Information

Published : 2017-10-06 00:29

Updated : 2018-11-08 07:01


NVD link : CVE-2017-15063

Mitre link : CVE-2017-15063


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

intelliants

  • subrion