CVE-2013-4555

CVE-2013-4555

EPSS 1.2%

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://core.spip.org/projects/spip/repository/revisions/20874 http://secunia.com/advisories/55551 https://www.debian.org/security/2013/dsa-2794 http://www.openwall.com/lists/oss-security/2013/11/10/4 http://www.securitytracker.com/id/1029317 http://www.spip.net/fr_article5646.html