Kliqqi 3.0.0.5: From Cross-Site Request Forgery to Code Execution

20 Dec 2016 by Martin Bednorz

Kliqqi

Today’s gift in our advent calendar contains descriptions of vulnerabilities in Kliqqi, the successor to the popular Pligg CMS mostly used for the creation of interactive social communities. Due to missing CSRF protection, an attacker is able to prepare a website that ultimately leads to code execution on the applications server when visited by a target.

Read More ...