Miggo Logo
Miggo Vulnerability Database
CVE-2017-15063

CVE-2017-15063: Subrion CMS CSRF Vulnerability

8.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-15063
GHSA ID
GHSA-rc94-7v55-wmg6
EPSS Score
0.33898%
CWE
CWE-352
Published
5/14/2022
Updated
9/21/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
intelliants/subrioncomposer>= 4.1, < 4.2.04.2.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis focused on the changes made in the patch to understand which functions were involved in the vulnerability. The init() method and _executeModule() were identified as key because they relate to the order of operations that led to the CSRF vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T**r* *r* *SR* vuln*r**iliti*s in Su*rion *MS *.*.x t*rou** *.*.*, *n* ***or* *.*.*, ****us* o* * lo*i* *rror. *lt*ou** t**r* is *un*tion*lity to **t**t *SR*, it is **ll** too l*t* in t** i*.*or*.p*p *o**, *llowin* (*or *x*mpl*) *n *tt**k ***inst t**

Reasoning

T** *n*lysis *o*us** on t** ***n**s m*** in t** p*t** to un**rst*n* w*i** *un*tions w*r* involv** in t** vuln*r**ility. T** `init()` m*t*o* *n* `_*x**ut*Mo*ul*()` w*r* i**nti*i** *s k*y ****us* t**y r*l*t* to t** or**r o* op*r*tions t**t l** to t** *