High severityNVD Advisory· Published May 15, 2020· Updated Aug 5, 2024
CVE-2019-20390
CVE-2019-20390
Description
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Subrion/CMSdescription
- ghsa-coords
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-c4wx-3x5q-hf4wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-20390ghsaADVISORY
- packetstormsecurity.com/files/157700/Subrion-CMS-4.2.1-Cross-Site-Request-Forgery.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.