Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:campusvirtualcomputrade:campus_virtual-lms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00196
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.
EPSS
Процентиль: 42%
0.00196
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352