IQID:14199 HTTP PHP NEWS (add Admin) CSRF Vulnerability (From Server) S

IQID:14199 HTTP PHP NEWS (add Admin) CSRF Vulnerability (From Server) S

IQID: 14199 - November 2016

PHP NEWS 1.3.0 versions is vulnerable to CSRF attack (No CSRF token in place) meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), a form will be submitted to (http://sitename/path/index.php) that will change admin password. Once exploited, the attacker can login to the admin panel using the username and the password he posted in the form.

A Full Description is available for this threat, please sign in for access to Full Description.

Attack Data

Attack Data is available for this threat, please sign in for access to Attack Data.

CVSS Information

CVSS Information is available for this threat, please sign in for access to CVSS Information.

Date

Date Information is available for this threat, please sign in for access to Date Information.

Security Rule

A security rule is available to identify this threat, please sign in for access to security rules.

Permalink

Link directly to this page.

http://www.idappcom.com/db/?14199

© 2024 by IDappcom. Privacy policy. IDappcom Ltd, 6 Rural Enterprise Centre, Ludlow, Shropshire, SY8 1FF.