[MajorSecurity SA-070]Plume CMS - change Admin Password via- Cross-site Request Forgery

From: david.kurz@majorsecurity.net
To: bugtraq@securityfocus.com
Subject: [MajorSecurity SA-070]Plume CMS - change Admin Password via- Cross-site Request Forgery

[MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery

Product: Plume CMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.plume-cms.net/
Advisory-Status: published

Discovered by: David Vieira-Kurz

Affected Products:
Plume CMS 1.2.4
Prior versions may also be vulnerable

"Plume CMS is web based content management system." 

More Details
We at MajorSecurity have discovered a vulnerability in Plume CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to change the administrator's password by tricking a logged in administrator into visiting a malicious web site.

The web application should implement some validity checks to verify the requests before performing certain actions via HTTP requests.

Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

MajorSecurity is a German penetrationtesting and security research company which focuses
on web application security. We offer professional penetrationstest, security audits,
source code reviews. 

Copyright © 1995-2019 LinuxRocket.net. All rights reserved.