mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
967 B
967 B
CVE-2010-3603
Description
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
POC
Reference
- http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf
- http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt
Github
No PoCs found on GitHub currently.