Sentrifugo 3.2 CSRF

    Disclosure date:  9/5/19

    CVE-2019-16059

    Sentrifugo 3.2 and possibly before are affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection.  This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.


    User profile page:





    Malicious form:






    The outcome:



    © 2020 sevenlayers.com