CVE-2020-22761
Description
FlatPress 1.1 is vulnerable to Cross-Site Request Forgery (CSRF) in the DeleteFile function, allowing an attacker to delete arbitrary files via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
FlatPress 1.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the DeleteFile function located in flat/admin.php. The function is invoked via an unauthenticated GET request from the mediamanager plugin (fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl). The application does not implement anti-CSRF tokens, making it susceptible to CSRF attacks [1].
Exploitation
An attacker can craft a malicious link or webpage that triggers a GET request to the vulnerable endpoint, e.g., ...&deletefile=.... If an authenticated administrator visits the crafted link, the request is executed in the context of their session, resulting in file deletion without their consent [1].
Impact
Successful exploitation allows an attacker to delete arbitrary files on the server, potentially causing data loss or denial of service. The attacker does not need direct access to the server; they only need to trick an authenticated admin into clicking a link [1].
Mitigation
No official patch has been confirmed in the available references. Users should implement CSRF protection mechanisms, such as anti-CSRF tokens, and consider restricting access to the admin panel [1].
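The missing control described above, as an added example that is not FlatPress's own code: a hypothetical admin handler in the style of the vulnerable pattern (a state-changing delete driven by a bare GET parameter) next to a hardened version that requires POST, checks a session-bound anti-CSRF token with a constant-time comparison, and confines the target path to the media directory. Function names, the media directory argument and the `csrf_token` field name are assumptions; only the `deletefile` parameter comes from the advisory.

```php
<?php
// Added example, not FlatPress code; names are hypothetical.
session_start();

// --- Vulnerable pattern: any GET carrying ?deletefile=... is acted on.
// A link or <img src> on a third-party page suffices: the admin's browser
// attaches the session cookie and the delete runs with admin rights.
function vulnerable_delete_file(string $mediaDir): bool
{
    if (!isset($_GET['deletefile'])) {
        return false;
    }
    return @unlink($mediaDir . '/' . $_GET['deletefile']);
}

// --- Hardened pattern ---
// 1. Per-session token, embedded in the admin form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 2. State change only via POST, and only with a matching token
//    (hash_equals avoids a timing side channel on the comparison).
function csrf_valid(): bool
{
    return $_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['csrf_token'], $_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token']);
}

// 3. Confine the target to the media directory (defence in depth).
function hardened_delete_file(string $mediaDir): bool
{
    if (!csrf_valid()) {
        http_response_code(403);
        return false;
    }
    $name   = basename((string) ($_POST['deletefile'] ?? ''));
    $root   = realpath($mediaDir);
    $target = realpath($mediaDir . '/' . $name);
    if ($name === '' || $root === false || $target === false
        || strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return false;
    }
    return unlink($target);
}
```

The template's delete form would then carry `<input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">` and submit via POST, so a cross-site GET such as the one in the advisory is rejected before any file is touched.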
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FlatPress/FlatPress
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- https://github.com/flatpressblog/flatpress/issues/64 (MISC)
- https://www.baomatcoban.info/2020/04/funnymini0day-flatpress-11-cross-site.html (MISC)
News mentions
No linked articles in our index yet.