Axigen WebAdmin CSRF Vulnerability (CVE-2025-68722)

A Cross-Site Request Forgery (CSRF) vulnerability in Axigen WebAdmin allows an attacker to craft a login URL that executes an attacker-chosen administrative action as soon as the targeted administrator follows the link and authenticates, potentially leading to complete compromise of the server.

Details

Affected versions:
Axigen 10.3.x, 10.4.x, 10.5.x up to 10.5.56; fixed starting with 10.5.57
Axigen 10.6.x up to 10.6.25; fixed starting with 10.6.26

Vulnerability type: Cross-Site Request Forgery (CSRF)

Affected component(s): Axigen WebAdmin

Prerequisites: The attacker must trick an administrator into clicking a malicious link and completing authentication.

Description:

The WebAdmin interface accepts state-changing requests via the GET method and, immediately after an administrator authenticates, automatically executes the base64-encoded command queued in the _s (breadcrumb) parameter of the login URL. The _h token normally protects direct requests against CSRF, but the queued command is replayed by the login flow itself after authentication, so the token check does not protect it: an attacker only needs to place the payload in the _s parameter of a link to the login page.

When an administrator follows such a link and logs in, the queued state-changing request is executed without any confirmation prompt, and nothing visible tells the administrator that it happened. This enables attackers to:

  • Create rogue administrator accounts
  • Modify critical server configurations
  • Change security settings
  • Perform any action available to the victim administrator

Attackers can distribute these malicious links through phishing emails, support tickets, or other communication channels.
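The following is an added example, not code from the advisory or from Axigen, modelling the flaw described above and the fix in a toy login handler. Everything in it is an assumption made for illustration: the base64(JSON) encoding of the queued command (Axigen's real _s format is internal and not given here), the host name, the credentials, the action names and the class and function names. The vulnerable variant replays whatever _s queued inside the freshly created session, so the _h check never applies; the hardened variant only restores navigation from the breadcrumb and requires any state change to be re-submitted as a POST carrying the current session's _h token. Both variants refuse a direct cross-site GET, which is why the token alone looked sufficient.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Actions that must never run on the strength of a login alone.
STATE_CHANGING = {"add_admin", "set_config"}


# --- Attacker side ---------------------------------------------------------
def make_phishing_url(base: str, command: dict) -> str:
    """Build a login link whose _s breadcrumb carries a queued command.

    CONSTRUCTED: the command is encoded as base64(JSON); Axigen's real _s
    encoding is internal and not described in the advisory.
    """
    queued = base64.urlsafe_b64encode(json.dumps(command).encode()).decode()
    return f"{base}/login?{urlencode({'_s': queued})}"


def decode_breadcrumb(url: str):
    """Return the command queued in a URL's _s parameter, or None."""
    qs = parse_qs(urlsplit(url).query)
    if "_s" not in qs:
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(qs["_s"][0]))
    except (ValueError, TypeError):
        return None


# --- Server side (toy model of the WebAdmin login flow) --------------------
class AdminPanel:
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.admins = {"root"}
        self.sessions = {}  # session id -> per-session _h token

    def login(self, url: str, user: str, password: str) -> dict:
        """Authenticate, then process whatever the login URL queued in _s."""
        if (user, password) != ("root", "hunter2"):  # CONSTRUCTED credentials
            return {"ok": False}
        sid = secrets.token_hex(8)
        self.sessions[sid] = secrets.token_hex(16)
        queued = decode_breadcrumb(url)
        replayed = None
        if queued is not None:
            if self.hardened and queued.get("action") != "view":
                # Allowlist: a breadcrumb may only restore navigation. Any
                # state change has to come back as a POST with this
                # session's _h token, through request() below.
                replayed = None
            else:
                # Vulnerable behaviour: the queued command runs inside the
                # freshly created session, so the _h check never applies.
                replayed = self._execute(queued)
        return {"ok": True, "sid": sid, "replayed": replayed}

    def request(self, sid: str, method: str, command: dict, h=None) -> dict:
        """Direct request path: the _h token is checked in both variants."""
        if command.get("action") in STATE_CHANGING:
            if method != "POST" or h != self.sessions.get(sid):
                return {"ok": False, "reason": "missing or wrong _h token"}
        return {"ok": True, "result": self._execute(command)}

    def _execute(self, command: dict) -> str:
        action = command.get("action")
        if action == "add_admin":
            self.admins.add(command["name"])
            return f"added admin {command['name']}"
        if action == "view":
            return f"rendered {command.get('page', 'home')}"
        return f"ignored {action!r}"


def demo() -> dict:
    """Send the same phishing link to both variants and report the outcome."""
    link = make_phishing_url("https://mail.example.test/admin",  # CONSTRUCTED
                             {"action": "add_admin", "name": "backdoor"})
    results = {}
    for name, hardened in (("vulnerable", False), ("hardened", True)):
        panel = AdminPanel(hardened=hardened)
        session = panel.login(link, "root", "hunter2")
        # The legitimate path still works: POST plus the session's _h token.
        legit = panel.request(session["sid"], "POST",
                              {"action": "add_admin", "name": "ops"},
                              h=panel.sessions[session["sid"]])
        # A cross-site GET without the token is refused in both variants.
        forged = panel.request(session["sid"], "GET",
                               {"action": "add_admin", "name": "evil"})
        results[name] = {"replayed": session["replayed"],
                         "legit_ok": legit["ok"],
                         "forged_ok": forged["ok"],
                         "admins": sorted(panel.admins)}
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it shows the vulnerable panel ending up with a "backdoor" administrator created by the login itself, while the hardened panel only ever gains the "ops" account that was added through a token-bearing POST. The general lesson is that a post-login redirect or replay is a request the victim never consciously made; any such mechanism must be restricted to idempotent navigation and must never carry a state change, regardless of how the direct request path is protected.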

Reported by: Osman Can Vural

Solution

Update to Axigen 10.5.57 or 10.6.26, or a later release, from your WebAdmin. Until the update is applied, administrators should not log in through WebAdmin links received by e-mail or in support tickets; open the WebAdmin address directly instead.