Cross-site Request Forgery (CSRF) Vulnerabilities in SyndeoCMS
|Vendor:||The SyndeoCMS team|
|Vulnerable Versions:||2.9.0 and probably prior|
|Advisory Publication:||July 12, 2010 [without technical details]|
|Vendor Notification:||July 12, 2010|
|Public Disclosure:||July 26, 2010|
|Latest Update:||April 27, 2012|
|Vulnerability Type:||Cross-Site Request Forgery [CWE-352]|
|CVSSv2 Base Score:||4 (AV:N/AC:H/Au:N/C:N/I:P/A:P)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SyndeoCMS which could be exploited to perform cross-site request forgery attacks.
|Upgrade to SyndeoCMS 3.0.01|
| High-Tech Bridge Advisory HTB22491 - https://www.htbridge.com/advisory/HTB22491 - Cross-site Request Forgery (CSRF) Vulnerabilities in SyndeoCMS|
 SyndeoCMS - syndeocms.org - Syndeocms is a Content Management System (CMS) to manage and maintain the website of a primary school.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.