CVE-2017-15063: Subrion CMS CSRF Vulnerability
CVSS Score: 8.8 (CVSS 3.0)
Basic Information
CVE ID: CVE-2017-15063
GHSA ID
EPSS Score: 0.33898%
CWE
Published: 5/14/2022
Updated: 9/21/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | >= 4.1, < 4.2.0 | 4.2.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The analysis focused on the changes made in the patch to understand which functions were involved in the vulnerability. The init() method and _executeModule() were identified as key because they relate to the order of operations that led to the CSRF vulnerability.