CSRF Vulnerability in Smoothwall Express Web Management Interface Allows Remote Authentication Hijacking

CSRF Vulnerability in Smoothwall Express Web Management Interface Allows Remote Authentication Hijacking

CVE-2011-5284 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.

Learn more about our Web App Pen Testing.