CSRF in Admidio 3.2 #612

Closed
faizzaidi opened this issue May 15, 2017 · 4 comments

@faizzaidi

Hello,

I would like to report a vulnerability that I have found in Admidio 3.2.8 in which a Cross-Site Request Forgery (CSRF) attack is possible.

For details, please go through the attached document.

Admidio 3.2.8 CSRF POC by Provensec llc.pdf

Regards,
Faiz Ahmed Zaidi

@ximex
Member

ximex commented May 15, 2017

@faizzaidi thanks. I see the problem. I will look to fix it.

@faizzaidi
Author

Hello Team,

Thanks for looking at the issue. If you need anything related to this bug, feel free to get back to me.

Regards,
Faiz Ahmed Zaidi

@Fasse Fasse modified the milestones: v3.2.10, v3.2.11 Jun 26, 2017
@ximex ximex added this to Todo in Improve Security Aug 9, 2017
@ximex ximex moved this from Todo to Discussion in Improve Security Aug 9, 2017
@Fasse Fasse modified the milestones: v3.2.11, v3.2.12 Sep 3, 2017
@ximex ximex changed the title from "CSRF in Admidio 3.2.8" to "CSRF in Admidio 3.2" Oct 4, 2017
@Fasse Fasse modified the milestones: v3.2.12, v3.2.13 Nov 4, 2017
@Fasse Fasse modified the milestones: v3.2.13, v3.2.14, v3.2.15 Jan 3, 2018
@ximex ximex modified the milestones: v3.2.15, v3.3.1 Apr 15, 2018
@Fasse Fasse removed this from the v3.3.1 milestone Apr 20, 2018
@NicoleG25

@ximex was this issue ever addressed? If so, could you point me to the fix? Thank you :)

@ximex
Member

ximex commented Apr 22, 2020

@NicoleG25 I hadn't fixed it. So I think this issue still needs someone to fix it.

@Fasse Fasse added this to the v4.1 milestone Jul 14, 2021
@Fasse Fasse closed this as completed Jul 30, 2021
Improve Security automation moved this from Discussion to Done Jul 30, 2021
@Fasse Fasse mentioned this issue Sep 21, 2021