View Issue Details

This bug affects 1 person(s).
 252
IDProjectCategoryView StatusLast Update
13562Bug reportsSecuritypublic2018-04-06 11:47
Reporterstrukt93 Assigned Tomarkusfluer 
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Fixed in Version3.6.x 
Summary13562: CSRF in box deletion
DescriptionThis issue allows an attacker to CSRF an administrator into deleting a box, the following is the vulnerable request:

http://HOST/limesurvey/index.php/admin/homepagesettings/sa/delete/id/ID

The last parameter in the path, ID, should be replaced with the appropriate box ID for successful exploitation.
TagsNo tags attached.
Bug heat252
Complete LimeSurvey version number (& build)3.0.0-beta.3+17110
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMariaDB
Server OS (if known)Linux/Windows
Webserver software & version (if known)Apache2
PHP Version7.0

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

markusfluer

markusfluer

2018-04-05 14:29

administrator   ~47343

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=26925

Related Changesets

LimeSurvey: master d36a92d4

2018-04-05 12:53:42

markusfluer

Details Diff
Fixed issue 13562: CSRF in box deletion Affected Issues
13562
mod - application/controllers/admin/homepagesettings.php Diff File
mod - application/models/Boxes.php Diff File

Issue History

Date Modified Username Field Change
2018-04-02 16:58 strukt93 New Issue
2018-04-05 13:39 markusfluer Assigned To => markusfluer
2018-04-05 13:39 markusfluer Status new => resolved
2018-04-05 13:39 markusfluer Resolution open => fixed
2018-04-05 13:39 markusfluer Fixed in Version => 3.6.x
2018-04-05 14:29 markusfluer Changeset attached => LimeSurvey master d36a92d4
2018-04-05 14:29 markusfluer Note Added: 47343
2018-04-06 11:47 markusfluer Status resolved => closed