31 Mar 2021
Vulnérabilité CVE-2021-29349 CVE Vulnerability
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. (CVSS:4.3) (Last Update:2021-04-07)
Vulnerability Details : Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. Publish Date : 2021-03-31 Last Update Date : 2021-04-07 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2021-29349
- Number Of Affected Versions By Product
- References For CVE-2021-29349
| |||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2021-29349There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |