Vulnerability CVE-2018-6009


Published: 2018-01-22

Description:
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Yiiframework
Product: Yiiframework
Version:
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.13.1
2.0.13
2.0.12
2.0.11.2
2.0.11.1
2.0.11
2.0.10
2.0.1
2.0.0

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7

Related CVE
CVE-2018-6010
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/e...
CVE-2017-11516
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
CVE-2015-3397
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
CVE-2014-4672
The CDetailView widget in Yii PHP Framework before 1.1.15 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.

Copyright 2019, cxsecurity.com
