RedTeam Discovers CSRF in PHPWCMS


RedTeam Discovers Cross-Site Request Forgery Vulnerability in PHPWCMS

Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a cross-site request forgery (CSRF) vulnerability in PHPWCMS version 1.4.5. The vulnerability in the open source content management system stems from a lack of security controls around input validation.

The vulnerability in PHPWCMS could be exploited to conduct cross-site request forgery attacks. The issue is caused by input validation errors in the administrative interface when processing HTTP requests, which attackers could exploit to manipulate certain data by tricking an authenticated administrator into visiting a malicious web page (see proof of concept).

Jeremiah has developed proof of concept code for this vulnerability in HTML. The vulnerability has been published by Secunia and the Exploit Database, among other online vulnerability databases.

Published Exploit
* Secunia: #40319
* Exploit Database: EDB #13960
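
A common mitigation for this class of issue is a per-session synchronizer token that every state-changing administrative request must carry. The PHP below is an added example, not PHPWCMS code and not the researcher's proof of concept; the function names, the `is_admin` session flag and the `csrf_token` field are assumptions, and the request data is constructed.

```php
<?php
// Added example: synchronizer-token CSRF check for an admin form handler.
// All names are hypothetical; this is not PHPWCMS code.

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Accept a request only if it is a POST carrying the session's token. */
function csrf_check(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false; // state changes are never accepted over GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false; // no token issued yet, or a non-string value was sent
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** Hypothetical admin action: runs only after both checks pass. */
function handle_admin_update(array $session, string $method, array $post): string
{
    if (empty($session['is_admin'])) {
        return '403 not authenticated';
    }
    if (!csrf_check($session, $method, $post)) {
        return '403 CSRF token missing or invalid';
    }
    return '200 setting updated';
}

// Constructed demo data. In a web application these would come from
// $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST.
$session = ['is_admin' => true];
$token   = csrf_token($session); // embedded as a hidden field in the admin form

$fromOwnForm = ['site_name' => 'Example', 'csrf_token' => $token];
$crossSite   = ['site_name' => 'Changed']; // session cookie rides along, token does not

echo handle_admin_update($session, 'POST', $fromOwnForm), PHP_EOL;
echo handle_admin_update($session, 'POST', $crossSite), PHP_EOL;
echo handle_admin_update($session, 'GET', $fromOwnForm), PHP_EOL;
```

Only the request built from the application's own form is accepted; the request without the token and the GET request are both rejected even though the administrator's session is valid.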







DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.

