CVE-2010-3603
CVE-2010-3603
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
Productos afectados
n/a · n/aPoCs públicas encontradas — 4
cve_referencepacketstormsecurity.org/1009-advisories/moaub16-mojoportal.pdfno verificadocve_referencepacketstormsecurity.org/1009-exploits/moaub-mojoportal.txtno verificadocve_referencewww.exploit-db.com/exploits/15018no verificadoexploitdbwww.exploit-db.com/exploits/15018no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://osvdb.org/68060http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdfhttp://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txthttp://secunia.com/advisories/41481https://exchange.xforce.ibmcloud.com/vulnerabilities/61834http://www.exploit-db.com/exploits/15018http://www.mojoportal.com/mojoportal-2352-released.aspx