← voltar
CVE-2012-2275

CVE-2012-2275

EPSS 2.7%
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
Produtos afetados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.htmlnão verificadocve_referencewww.exploit-db.com/exploits/21135não verificadoexploitdbwww.exploit-db.com/exploits/21135não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.htmlhttp://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78306https://www.htbridge.com/advisory/HTB23088http://www.exploit-db.com/exploits/21135