Summary
The host is running TWiki and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow an attacker to gain administrative privileges on the target application and to carry out CSRF attacks.
Impact Level: Application
Solution
Upgrade to version 4.3.1 or later:
http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
Insight
A remote authenticated user can create a specially crafted image tag that, when viewed by the target user, will update pages on the target system with the privileges of the target user via HTTP requests.
Affected
TWiki versions prior to 4.3.1
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-1339
- CVSS Base Score: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P