CVE-2017-15063 Information

Description

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5 and before 4.2.0 because of a logic error. Although there is functionality to detect CSRF it is called too late in the ia.core.php code allowing (for example) an attack against the query parameter to panel/database.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://github.com/intelliants/subrion/issues/547 https://github.com/intelliants/subrion/issues/570

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8