exploitDog

GHSA-qmhq-prcq-pvp4

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.

Ссылки

EPSS

Процентиль: 34%

0.00139

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-30112

CVSS3: 6.5

nvd

почти 5 лет назад

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.

EPSS

Процентиль: 34%

0.00139

Низкий

CVE ID

Дефекты

CWE-352