Miggo Logo
Miggo Vulnerability Database
CVE-2018-18420

CVE-2018-18420:
Zenario CMS vulnerable to CSRF

8.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-18420
GHSA ID
GHSA-22cq-xxr9-jrrv
EPSS Score
0.34085%
CWE
CWE-352
Published
5/14/2022
Updated
7/7/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
tribalsystems/zenariocomposer< 8.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in the admin/organizer.ajax.php endpoint handling content panel operations. While exact function names aren't disclosed in available sources, CSRF vulnerabilities typically occur in state-changing handlers that lack CSRF token validation(). The URI pattern and vulnerability description indicate this endpoint processes privileged actions without verifying request origin, making its handler functions inherently vulnerable. The high confidence comes from the direct correlation between the exposed endpoint and typical CSRF vulnerability patterns in web handlers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ross-Sit* R*qu*st *or**ry (*SR*) vuln*r**ility w*s *is*ov*r** in t** *.* v*rsion o* Z*n*rio *ont*nt M*n***m*nt Syst*m vi* t** `**min/or**niz*r.*j*x.p*p?p*t*=z*n*rio__*ont*nt%**p*n*ls%***ont*nt` URI.

Reasoning

T** vuln*r**ility m*ni**sts in t** `**min/or**niz*r.*j*x.p*p` *n*point **n*lin* *ont*nt p*n*l op*r*tions. W*il* *x**t *un*tion n*m*s *r*n't *is*los** in *v*il**l* sour**s, *SR* vuln*r**iliti*s typi**lly o**ur in st*t*-***n*in* **n*l*rs t**t l**k *SR*