Summary
The host is running TWiki and is prone to a Cross-Site Request Forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow an attacker to gain administrative privileges on the target application and to perform CSRF attacks.
Impact Level: Application
Solution
Upgrade to TWiki version 4.3.2 or later.
For updates, refer to http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
Insight
The attack works by tricking an authenticated TWiki user into visiting a static HTML page on another site, where a JavaScript-enabled browser sends an HTTP POST request to TWiki, which in turn processes the request as that TWiki user.
Affected
TWiki versions prior to 4.3.2
Severity
Classification
CVE: CVE-2009-4898
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P