13562: CSRF in box deletion - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

13562	Bug reports	Security	public	2018-04-02 16:58	2018-04-06 11:47

Reporter	strukt93	Assigned To	~~markusfluer~~
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Fixed in Version	3.6.x

Summary	13562: CSRF in box deletion
Description	This issue allows an attacker to CSRF an administrator into deleting a box, the following is the vulnerable request: http://HOST/limesurvey/index.php/admin/homepagesettings/sa/delete/id/ID The last parameter in the path, ID, should be replaced with the appropriate box ID for successful exploitation.
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	3.0.0-beta.3+17110
I will donate to the project if issue is resolved	No
Browser
Database type & version	MariaDB
Server OS (if known)	Linux/Windows
Webserver software & version (if known)	Apache2
PHP Version	7.0

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2018-04-02 16:58	strukt93	New Issue
2018-04-05 13:39	~~markusfluer~~	Assigned To	=> markusfluer
2018-04-05 13:39	~~markusfluer~~	Status	new => resolved
2018-04-05 13:39	~~markusfluer~~	Resolution	open => fixed
2018-04-05 13:39	~~markusfluer~~	Fixed in Version	=> 3.6.x
2018-04-05 14:29	~~markusfluer~~	Changeset attached	=> LimeSurvey master d36a92d4
2018-04-05 14:29	~~markusfluer~~	Note Added: 47343
2018-04-06 11:47	~~markusfluer~~	Status	resolved => closed

LimeSurvey: master d36a92d4 2018-04-05 14:53 ~~markusfluer~~ Details Diff	Fixed issue 13562: CSRF in box deletion	Affected Issues 13562
	mod - application/controllers/admin/homepagesettings.php	Diff File
	mod - application/models/Boxes.php	Diff File

~~markusfluer~~ 2018-04-05 14:29 administrator ~47343	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=26925