SS-2015-017: CSRF Vulnerability

August 10, 2015

A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.

References

www.silverstripe.org/software/download/security-releases/ss-2015-017/

Code Behaviors & Features

Detect and mitigate SS-2015-017 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →