Cross-Site Request Forgery Vulnerability in Subrion CMS by Subrion
CVE-2019-20390

8.1 HIGH

Key Information:

CVE Published: 15 May 2020

What is CVE-2019-20390?

A cross-site request forgery vulnerability exists in Subrion CMS version 4.2.1, which remote attackers can exploit to delete files without the user's awareness. The flaw arises because the application improperly validates CSRF tokens for GET requests, so an attacker can craft a malicious URL that, when accessed by an authenticated user, causes unauthorized file removal on the server. Proper token validation and additional security measures are necessary to prevent such attacks in web applications.
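The following is an added example, not code from Subrion or from this advisory. It contrasts a token check that skips GET requests with a hardened check for state-changing actions. It assumes the flaw takes the common form of enforcing the token only on POST; the function names, action names and request arrays are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; names and request arrays are hypothetical, not Subrion code.

// Flawed pattern: the token is only enforced for POST, so a state-changing
// GET action (such as a file delete) runs with no CSRF check at all.
function csrfOkFlawed(array $req, string $sessionToken): bool
{
    if ($req['method'] !== 'POST') {
        return true; // GET is assumed to be "safe" and skipped
    }
    return hash_equals($sessionToken, (string)($req['params']['token'] ?? ''));
}

// Hardened pattern: state-changing actions must arrive via POST and carry a
// token that matches the session, compared in constant time.
function csrfOkHardened(array $req, string $sessionToken, array $stateChanging): bool
{
    if (!in_array($req['action'], $stateChanging, true)) {
        return true; // read-only action, no token required
    }
    if ($req['method'] !== 'POST') {
        return false; // never mutate state on GET
    }
    $sent = (string)($req['params']['token'] ?? '');
    return $sent !== '' && hash_equals($sessionToken, $sent);
}

// Constructed sample data.
$sessionToken  = bin2hex(random_bytes(32));
$stateChanging = ['delete-file', 'upload-file'];
$requests = [
    'forged GET delete, no token' => ['method' => 'GET',  'action' => 'delete-file', 'params' => ['file' => 'a.png']],
    'POST delete, wrong token'    => ['method' => 'POST', 'action' => 'delete-file', 'params' => ['file' => 'a.png', 'token' => 'guess']],
    'POST delete, valid token'    => ['method' => 'POST', 'action' => 'delete-file', 'params' => ['file' => 'a.png', 'token' => $sessionToken]],
    'GET list, no token'          => ['method' => 'GET',  'action' => 'list-files',  'params' => []],
];

// Print the decision of each check for every sample request.
foreach ($requests as $label => $req) {
    printf("%-30s flawed=%-5s hardened=%s\n", $label,
        csrfOkFlawed($req, $sessionToken) ? 'allow' : 'deny',
        csrfOkHardened($req, $sessionToken, $stateChanging) ? 'allow' : 'deny');
}
```

Only the first sample request is treated differently: the flawed check allows the token-less GET delete, while the hardened check denies it.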

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
