Cross site request forgery (csrf)

2010-09-2421:00:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.9%

JSON

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.

CPENameOperatorVersion
mojoportaleq2.3.5.1
mojoportaleq2.3.4.3

CPE	Name	Operator	Version
	mojoportal	eq	2.3.5.1
	mojoportal	eq	2.3.4.3

References

osvdb.org/68060

packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf

packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt

secunia.com/advisories/41481

www.mojoportal.com/mojoportal-2352-released.aspx

exchange.xforce.ibmcloud.com/vulnerabilities/61834

www.exploit-db.com/exploits/15018