Session key is not checked during file upload
Bug #1480329 reported by
abdullah
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Aaron Wells | ||
1.10 |
Fix Released
|
High
|
Unassigned | ||
1.9 |
Fix Released
|
High
|
Unassigned | ||
15.04 |
Fix Released
|
High
|
Unassigned | ||
15.10 |
Fix Released
|
High
|
Aaron Wells |
Bug Description
Hi this is Abdullah ,
I found CSRF make user upload files to any group without his know it can be used to attack admins to upload evil files .
PoC :
video
http://
the fix :
check sesskey is valid in (groupfiles.php)
I hope put my name in release note .
Are there a CVE for this bug ?
Thanks
Used mahara least version
CVE References
Changed in mahara: | |
importance: | Undecided → High |
assignee: | nobody → Aaron Wells (u-aaronw) |
milestone: | none → 15.10.0 |
status: | New → In Progress |
summary: |
- CSRF bug + Session key is not checked during file upload |
information type: | Private Security → Public Security |
description: | updated |
To post a comment you must log in.
Hello Abdullah,
Thank you for your report. Our team will review this and get back to you next week with an update.
Cheers
Kristina