Redaxscript Cross Site Request Forgery Vulnerability

Bugtraq ID:	52265
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 02 2012 12:00AM
Updated:	Mar 02 2012 12:00AM
Credit:	Russ McRee
Vulnerable:	Redaxscript Redaxscript 0.3.2a
Not Vulnerable:	Redaxscript Redaxscript 0.4

Redaxscript Cross Site Request Forgery Vulnerability

Redaxscript is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions, delete or disable arbitrary users, and gain unauthorized access to the affected application. Other attacks are also possible.

Redaxscript 0.3.2a is vulnerable; other versions may also be affected.

Redaxscript Cross Site Request Forgery Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.

Redaxscript Cross Site Request Forgery Vulnerability

Solution:
Updates are available. Please see the references for more information.

Redaxscript Cross Site Request Forgery Vulnerability

References:

• Redaxscript Homepage (Redaxscript)