@omriinbar-cyesec
Created July 17, 2022 07:57
CVE-2022-32320
Vulnerable Product Version: All versions of Ferdi up to and including 5.8.1 and all versions of Ferdium up to and including 6.0.0-nightly.98
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Description: A cross-site request forgery (CSRF) vulnerability exists in all versions of Ferdi up to and including 5.8.1 and all versions of Ferdium up to and including 6.0.0-nightly.98. The application does not have CSRF checks in place when performing actions such as uploading a settings/preferences file. As a result, attackers could make a user upload a malicious settings file via a CSRF attack which leads to Arbitrary File Read and, in some cases, Remote Code Execution.