Thursday, September 6, 2012

HTB23088: TestLink cross-site request forgery (CSRF)

TestLink

TestLink version 1.9.3 (and probably earlier versions) suffers from a cross-site request forgery (CSRF) vulnerability (CVE-2012-2275).

The application does not properly verify the source of incoming requests, so an attacker who lures an authenticated user onto a malicious page can have that user's browser perform state-changing actions on the attacker's behalf. The original security advisory includes a PoC against the "lib/usermanagement/userInfo.php" script that changes the administrator's e-mail address.
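To make the missing check concrete, here is an added illustration of the vulnerable pattern next to a hardened form. This is not code from TestLink or from the advisory (the real script is PHP and is not reproduced here); the handler names, the site origin, the session dictionaries and the form contents are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit


def issue_csrf_token(session):
    """Mint a fresh per-session token and store it server-side.

    The token is later echoed back in a hidden form field; a page on another
    origin cannot read it, so it cannot be copied into a forged cross-site POST.
    """
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def update_email_unprotected(session, form):
    """Vulnerable pattern: any POST carrying a valid session cookie is honoured.

    Nothing ties the request to a page the application itself served, so a form
    auto-submitted from an attacker's site succeeds with the victim's session.
    """
    session["email"] = form["email"]
    return True


def request_origin_allowed(headers, site_origin):
    """Accept the request only if it demonstrably came from our own origin.

    Origin is preferred; Referer is the fallback. If neither is present the
    check fails closed, because a forged request may carry neither.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == site_origin


def update_email_protected(session, form, headers, site_origin):
    """Hardened handler: same action, gated on an origin check plus the session token."""
    if not request_origin_allowed(headers, site_origin):
        return False
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    session["email"] = form["email"]
    return True


def demo():
    """Run a forged request and a legitimate request through both handlers."""
    site = "https://testlink.example"          # constructed origin for the example
    attacker_email = "attacker@evil.example"  # constructed value

    # Forged request: the victim is logged in (cookie sent automatically by the
    # browser), but the POST originates from the attacker's page and has no token.
    forged_headers = {"Origin": "https://evil.example"}
    forged_form = {"email": attacker_email}

    session_a = {"user": "admin", "email": "admin@testlink.example"}
    update_email_unprotected(session_a, forged_form)

    session_b = {"user": "admin", "email": "admin@testlink.example"}
    issue_csrf_token(session_b)
    forged_ok = update_email_protected(session_b, forged_form, forged_headers, site)

    # Legitimate request: submitted from a page we served, carrying our token.
    session_c = {"user": "admin", "email": "admin@testlink.example"}
    token = issue_csrf_token(session_c)
    legit_headers = {"Origin": site}
    legit_form = {"email": "new@testlink.example", "csrf_token": token}
    legit_ok = update_email_protected(session_c, legit_form, legit_headers, site)

    return {
        "unprotected_email_after_forgery": session_a["email"],
        "protected_forgery_accepted": forged_ok,
        "protected_email_after_forgery": session_b["email"],
        "legit_accepted": legit_ok,
        "legit_email": session_c["email"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two checks are deliberately layered: the per-session token is the primary defence (it is what the 1.9.4 class of fix adds), while the Origin/Referer comparison is a cheap second gate that also rejects requests where both headers are missing, rather than treating their absence as benign.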

Vulnerability ID: HTB23088
Vendor Notification: April 18, 2012
Public Disclosure: September 5, 2012
Vulnerability Type: XSRF/CSRF
Risk level: Medium [CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)]
Solution Status: Fixed by Vendor, upgrade to TestLink 1.9.4

See details and PoC examples for this advisory: Cross-Site Request Forgery (CSRF) in TestLink.
