First published: Sun Jul 07 2019(Updated: )
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Flarum Flarum | =0.1.0 | |
Flarum Flarum | =0.1.0-beta2 | |
Flarum Flarum | =0.1.0-beta3 | |
Flarum Flarum | =0.1.0-beta4 | |
Flarum Flarum | =0.1.0-beta5 | |
Flarum Flarum | =0.1.0-beta6 | |
Flarum Flarum | =0.1.0-beta7 | |
Flarum Flarum | =0.1.0-beta7.1 | |
Flarum Flarum | =0.1.0-beta7.2 | |
Flarum Flarum | =0.1.0-beta8 | |
Flarum Flarum | =0.1.0-beta8.1 | |
Flarum Flarum | =0.1.0-beta8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.