CVE-2020-35687: PHPFusion (Cross Site Request Forgery)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
Watch the video to learn more about this and other important vulnerabilities.
1.2 CVSS Score
NVD Base score of this vulnerability is 4.3 Medium . CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1.3 Affected Version
PHPFusion version 9.03.90
1.4 Vulnerability Attribution
This vulnerability is reported by MITRE.
1.5 Risk Impact
Exploiting this vulnerability will allow attacker to delete all sensitive and critical shoutbox data.
Exploit is available in public domain here.
1.6 Virsec Security Platform (VSP) Support:
VSP-Web has capability that can detect all types of CSRF attack and prevent this attack from being exploited.
1.7 Reference Links:
- CSRF attack leads to deletion of shoutbox messages · Issue #2347 · PHPFusion/PHPFusion · GitHub
Download the full vulnerability report to learn more about this and other important vulnerabilities.
Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!