Описание
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:eticket:eticket:1.5.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00401
Низкий
2.6 Low
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
EPSS
Процентиль: 60%
0.00401
Низкий
2.6 Low
CVSS2
Дефекты
CWE-352