N/A

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.

N/A

N/A

Catalyst IT Mahara 跨站请求伪造漏洞

Catalyst It Catalyst IT Mahara是新西兰Catalyst IT（Catalyst It）公司的一套社交网络系统。该系统包含博客、履历表生成器、文件管理器等。 Mahara 20.10 存在跨站请求伪造漏洞，攻击者可利用该漏洞删除服务器上的inbox-mail。

N/A

N/A