CVE-2024-0392
Published 2025-02-27
Priority P4 · 24 · medium · 5.4 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
EPSS: 0.14% (3.3th percentile)
A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user, potentially compromising account settings and data integrity. The vulnerability only affects a limited set of state-changing operations, and successful exploitation requires social engineering to trick a user with access to the management console into performing the malicious action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | enterprise_integrator | — | — |
| wso2 | wso2_enterprise_integrator | >= 6.6.0 < 6.6.0.179 | 6.6.0.179 |
Suricata
GPL FTP CWD Root directory transversal attempt
suricata·2010-09-23
This rule references CVE-2003-0392 and matches FTP CWD commands on port 21; it does not reference CVE-2024-0392 and does not cover the CSRF issue described above.
Rule:
```
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"GPL FTP CWD Root directory transversal attempt"; flow:established,to_server; content:"CWD"; nocase; content:"C|3A 5C|"; distance:1; fast_pattern; reference:bugtraq,7674; reference:cve,2003-0392; reference:nessus,11677; classtype:protocol-command-decode; sid:2102125; rev:11; metadata:created_at 2010_09_23, cve CVE_2003_0392, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
```
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-02-27