Sentrifugo 3.2 CSRF
Disclosure date: 9/5/19
CVE-2019-16059
Sentrifugo 3.2 and possibly before are affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
User profile page:
Malicious form:
The outcome: