View Issue Details

IDProjectCategoryView StatusLast Update
13562Bug reports[All Projects] Securitypublic2018-04-06 11:47
Reporterstrukt93Assigned Tomarkusfluer 
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version 
Target VersionFixed in Version3.6.x 
Summary13562: CSRF in box deletion
Description

This issue allows an attacker to CSRF an administrator into deleting a box, the following is the vulnerable request:

http://HOST/limesurvey/index.php/admin/homepagesettings/sa/delete/id/ID

The last parameter in the path, ID, should be replaced with the appropriate box ID for successful exploitation.

TagsNo tags attached.
Complete LimeSurvey version number (& build)3.0.0-beta.3+17110
I will donate to the project if issue is resolvedNo
Browser
Database & DB-VersionMariaDB
Server OS (if known)Linux/Windows
Webserver software & version (if known)Apache2
PHP Version7.0

Activities

markusfluer

markusfluer

2018-04-05 14:29

administrator   ~47343

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=26925

Related Changesets

LimeSurvey: master d36a92d4

2018-04-05 12:53:42

markusfluer

Details Diff
Fixed issue 13562: CSRF in box deletion Affected Issues
13562
mod - application/controllers/admin/homepagesettings.php Diff File
mod - application/models/Boxes.php Diff File

Issue History

Date Modified Username Field Change
2018-04-02 16:58 strukt93 New Issue
2018-04-05 13:39 markusfluer Assigned To => markusfluer
2018-04-05 13:39 markusfluer Status new => resolved
2018-04-05 13:39 markusfluer Resolution open => fixed
2018-04-05 13:39 markusfluer Fixed in Version => 3.6.x
2018-04-05 14:29 markusfluer Changeset attached => LimeSurvey master d36a92d4
2018-04-05 14:29 markusfluer Note Added: 47343
2018-04-06 11:47 markusfluer Status resolved => closed