Vulnerability Type: Cross-Site Request Forgery
Severity: High
Estimated CVSS Score: 8.3 (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
Vulnerable Page: u5admin/savepage.php
Impacted version: At least 8.3.5 (but I think <= 10.1.13 are vulnerable too because of commit : "Initital import of version 8.3.5")
Description
The savepage.php page is vulnerable to a CSRF flaw that can lead to an RCE when using the ability to write PHP code within the CMS pages, if the victim/targeted user has the right privileges (ie. admin).
Summary
Vulnerability Type: Cross-Site Request Forgery
Severity: High
Estimated CVSS Score: 8.3 (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
Vulnerable Page: u5admin/savepage.php
Impacted version: At least 8.3.5 (but I think <= 10.1.13 are vulnerable too because of commit : "Initital import of version 8.3.5")
Description
The savepage.php page is vulnerable to a CSRF flaw that can lead to an RCE when using the ability to write PHP code within the CMS pages, if the victim/targeted user has the right privileges (ie. admin).
Proof of Concept
Remediation
u5cms should implement token protection against CSRF attack (https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html)
The text was updated successfully, but these errors were encountered: