Description
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
References
- Exploit
- Vendor Advisory
- Patch
- Exploit
- Exploit
Vulnerable configurations
Configuration 1
cpe:2.3:a:dclassifieds:dclassifieds:0.1:final:*:*:*:*:*:*
EPSS
Percentile: 81%
0.01512
Low
3.5 Low
CVSS2
Weaknesses
CWE-352
Related vulnerabilities
github
more than 3 years ago
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.