CVSS Score

The vulnerability stems from missing CSRF protections in the admin password change functionality. Key evidence:

1. The CWE-352 classification confirms it is a CSRF issue.
2. The GitHub advisory explicitly states that CSRF tokens and origin validation are missing.
3. The fix in v4.2.1 (referencing issue #638) would logically add CSRF checks to the member update handler.

While exact function names are not visible in the provided data, Subrion's MVC structure suggests the vulnerability lies in the member controller's update method, which handles POST requests to this endpoint.
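To make the two missing controls concrete, the following is an added example written for this page; it is not Subrion's code and does not reproduce its member controller. It models a minimal password-change handler in two forms: one that trusts the session cookie alone (the defect class the advisory describes) and one that additionally requires a per-session CSRF token and an Origin/Referer match. The `Session`, `Request`, `SITE_ORIGIN` and user-store names are constructed for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for an authenticated admin session (not Subrion's session object).
# The CSRF token is generated once per session and later compared with the form value.
@dataclass
class Session:
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

# Constructed stand-in for an HTTP request; only the fields the checks need.
@dataclass
class Request:
    method: str
    headers: dict
    form: dict
    session: Session  # attached because the browser sent the session cookie

SITE_ORIGIN = "https://admin.example.test"  # assumed deployment origin, scheme + host


def change_password_vulnerable(req, users):
    """The defect class described above: the automatically sent session cookie is the
    only proof of intent, so a form submitted by any other site is accepted."""
    if req.method != "POST":
        return False
    users[req.session.user_id] = req.form["password"]
    return True


def origin_allowed(headers, site_origin=SITE_ORIGIN):
    """Origin validation: the request's Origin (or Referer as fallback) must match
    the site's own scheme and host. A missing header fails closed."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == site_origin


def change_password_hardened(req, users):
    """Same handler with both controls: origin check plus a constant-time comparison
    of the submitted CSRF token against the one bound to the session."""
    if req.method != "POST":
        return False
    if not origin_allowed(req.headers):
        return False
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, req.session.csrf_token):
        return False
    users[req.session.user_id] = req.form["password"]
    return True


def simulate():
    """Push a legitimate request and a cross-site request through both handlers.
    Returns a dict of outcomes so the behaviour can be checked programmatically."""
    session = Session(user_id=7)
    users = {7: "old-password"}  # constructed user store: id -> stored password

    # Cross-site form post: the browser attaches the session cookie but sets Origin
    # to the submitting page's origin, and the form cannot know the session token.
    forged = Request("POST", {"Origin": "https://other-site.example.test"},
                     {"password": "attacker-chosen"}, session)
    # Same-origin post from the real admin form, carrying the session's token.
    legit = Request("POST", {"Origin": SITE_ORIGIN},
                    {"password": "new-password", "csrf_token": session.csrf_token}, session)
    # Right origin but a stale or guessed token: must also be rejected.
    wrong_token = Request("POST", {"Origin": SITE_ORIGIN},
                          {"password": "new-password", "csrf_token": "x" * 43}, session)

    results = {}
    store = dict(users)
    results["vulnerable_forged"] = change_password_vulnerable(forged, store)
    results["vulnerable_forged_password"] = store[7]
    store = dict(users)
    results["hardened_forged"] = change_password_hardened(forged, store)
    results["hardened_forged_password"] = store[7]
    store = dict(users)
    results["hardened_wrong_token"] = change_password_hardened(wrong_token, store)
    store = dict(users)
    results["hardened_legit"] = change_password_hardened(legit, store)
    results["hardened_legit_password"] = store[7]
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

Two design points worth noting: the token comparison uses `hmac.compare_digest` rather than `==` so the check does not leak timing information, and the origin check fails closed when neither `Origin` nor `Referer` is present, which is the safer default for a state-changing admin endpoint. Either control alone stops the cross-site request in this model; the fix described in the advisory adds both.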
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | < 4.2.1 | 4.2.1 |