JVN#60776919
tDiary cross-site request forgery vulnerability
Overview
tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery (CSRF) vulnerability.
Products Affected
- tDiary 2.0.1 and earlier
- tDiary 2.1.1
Description
Impact
If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with the privileges of the tDiary user.
Solution
References
JPCERT/CC Addendum
Credit
Yutaka Oiwa and Hiromitsu Takagi of the Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan, reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2005-2411 |
JVN iPedia | JVNDB-2005-000777 |