N/A

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

N/A

N/A

Subrion CMS 跨站请求伪造漏洞

Subrion CMS是Subrion团队的一套基于PHP的内容管理系统（CMS）。该系统可被集成到网站，并支持多种扩展插件等。 Subrion CMS 4.2.1版本中存在跨站请求伪造漏洞。远程攻击者可通过构建panel/uploads/read.json?cmd=rm URL并将其发送到用户利用该漏洞在用户未知情的情况下删除服务器上的文件。

N/A

N/A