Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-29647: MCMS CSRF

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

CVE
#csrf#vulnerability#web#git
CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30034: Multiple Vulnerabilities in Flower and Downstream Attacks on Airflow

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

CVE-2020-20971: There is a CSRF vulnerability that can add the administrator account · Issue #1 · TplusSs/PbootCMS

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.

CVE-2021-36890: WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.

CVE-2021-32546: Releases · gogs/gogs

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).

GHSA-8639-qx56-r428: CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend

### Impact CSRF vulnerability allowing attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Reproduction steps: - Take an order's number. - Log in as an administrator. - Visit that order's adjustments section (_Orders -> {Click on number} -> Adjustments_) and check that its adjustments are finalized (closed padlock under the **State** column). - On another tab, visit `{your_site_url}/admin/orders/{order_number}/adjustments/unfinalize`. - Notice how the adjustments are unfinalized (open padlock), even if the previous was a `GET` request which could have been linked from any other site. - Visit `{your_site_url}/admin/orders/{order_number}/adjustments/finalize`. - Notice how the adjustments are again finalized. That happened because both routes were handled as `GET` requests, which are skipped by Rails anti-forgery protection. ### Patches Users should upgrade to solidus_backend v3.1.6, v3.0.6, or...

CVE-2022-31000: Merge pull request from GHSA-8639-qx56-r428 · solidusio/solidus@de796a2

solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.

New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared