Easy to exploit
Published: Mon Feb 11 21:29:00 2019 UTC. Last Modified: Wed Feb 13 12:31:00 2019 UTC
CPE matches: cpe:2.3:a:c.p.sub_project:c.p.sub:*:*:*:*:*:*:*:* && versionEndExcluding=5.3
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.
- Complete loss of protection.
- Remote attack over the network is possible and can be carried out by anyone (no authentication required).
- User interaction is required for the attack.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (CVSSv3)
Type of bug(s)
- CWE-352, Cross-Site Request Forgery (CSRF): The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.