Description
Cross-Site Request Forgery in yetiforce
Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross-site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system, including guest users.
Packages
Name: yetiforce/yetiforce-crm (composer)
Affected versions: <= 6.3.0
Fixed version: None
Related vulnerabilities
CVSS3: 8
nvd
about 4 years ago
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.