MuraCMS Cross-Site Request Forgery Vulnerability in User Group Management

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in MuraCMS versions up to and including 10.1.10. The issue resides in the user management feature, specifically in the 'Add To Group' functionality. The affected method, 'addToGroup', performs no CSRF token validation and acts directly on the user-supplied 'userId' and 'groupId' parameters. A malicious website can therefore forge a request that the browser submits automatically when an authenticated administrator visits the crafted page, which lets an attacker add users to groups without proper authorization. The vulnerability allows horizontal privilege escalation into other groups and vertical escalation into the admin group, but it does not permit escalation into the Super Admins group.
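The missing check described above, as an added Python illustration written for this page rather than MuraCMS code (MuraCMS is CFML; the session class, handler names and sample users are assumptions): a handler that trusts only the logged-in admin session beside one that additionally requires a per-session synchronizer token, which a third-party page cannot read and so cannot supply.

```python
import hmac
import secrets
from dataclasses import dataclass, field


# Hypothetical stand-in for an administrator's server-side session (assumption).
@dataclass
class AdminSession:
    user_id: str
    is_admin: bool
    # Synchronizer token minted once per session and embedded in legitimate forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def add_to_group_unprotected(session, form, groups):
    """Shape of the flaw described above: the handler trusts any request that
    arrives with a valid admin session and acts on userId/groupId as given."""
    if not session.is_admin:
        return False
    groups.setdefault(form["groupId"], set()).add(form["userId"])
    return True


def add_to_group(session, form, groups):
    """Hardened handler: the browser attaches the session cookie to a cross-site
    POST automatically, but the per-session token is only present in pages we
    served, so requiring it in the body ties the request to our own form."""
    if not session.is_admin:
        return False
    submitted = form.get("csrfToken", "")
    # Constant-time compare avoids leaking the token through timing differences.
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False
    groups.setdefault(form["groupId"], set()).add(form["userId"])
    return True


def demo():
    """Runs both handlers against a constructed forged and legitimate request."""
    session = AdminSession(user_id="admin", is_admin=True)
    forged = {"userId": "alice", "groupId": "admin"}        # no token: cross-site page
    legit = {**forged, "csrfToken": session.csrf_token}      # token from our own form
    unprotected, hardened = {}, {}
    return {
        "unprotected_accepts_forged": add_to_group_unprotected(session, forged, unprotected),
        "hardened_rejects_forged": not add_to_group(session, forged, hardened),
        "hardened_accepts_legit": add_to_group(session, legit, hardened),
        "hardened_members": sorted(hardened.get("admin", ())),
    }
```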

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation in user group management, potentially leading to elevated administrative rights.

Remediation

Users can update to MuraCMS version 10.1.11 or later, where this vulnerability has been addressed.

Added: Mar 18, 2026, 5:02 PM
Updated: Mar 18, 2026, 5:02 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 5.0
exploitability: 6.5
remediation: 7.7
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.