Description
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
Exploits (1)
References (7)
Core References
http://secunia.com/advisories/41481 (Vendor Advisory, third-party-advisory, x_refsource_secunia)
http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf (Exploit, x_refsource_misc)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61834 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_xf)
http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt (Exploit, x_refsource_misc)
http://osvdb.org/68060 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_osvdb)
http://www.exploit-db.com/exploits/15018 (Exploit, exploit, x_refsource_exploit-db)
http://www.mojoportal.com/mojoportal-2352-released.aspx (Patch, Vendor Advisory, x_refsource_confirm)
Scores
EPSS: 0.0422
EPSS Percentile: 88.8%
Details
CWE: CWE-352
Status: published
Products (2): sourcetreesolutions/mojoportal 2.3.4.3; sourcetreesolutions/mojoportal 2.3.5.1
Published: Sep 24, 2010
Tracked Since: Feb 18, 2026