Описание
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| frontaccounting | removed | package | ||
| frontaccounting | end-of-life | wheezy | package |
Примечания
https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
Связанные уязвимости
CVSS3: 8.8
ubuntu
почти 8 лет назад
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
CVSS3: 8.8
nvd
почти 8 лет назад
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
CVSS3: 8.8
github
больше 3 лет назад
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).