exploitDog

CVE-2010-0707

Опубликовано: 25 фев. 2010

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.

Ссылки

http://osvdb.org/62478
http://secunia.com/advisories/38662
Vendor Advisory
http://www.exploit-db.com/exploits/11516
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/56410
http://osvdb.org/62478
http://secunia.com/advisories/38662
Vendor Advisory
http://www.exploit-db.com/exploits/11516
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/56410

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:timeclock-software:employee_timeclock_software:0.99:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00084

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-qj7f-5543-55f6

github

почти 4 года назад

Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.

EPSS

Процентиль: 25%

0.00084

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352