exploitDog

CVE-2017-8930

Опубликовано: 14 мая 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

Ссылки

https://github.com/simpleinvoices/simpleinvoices/issues/270
Third Party Advisory
https://github.com/simpleinvoices/simpleinvoices/issues/270
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simpleinvoices:simple_invoices:2013.1:beta8:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00118

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-425m-4v5p-2xch

CVSS3: 8.8

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

EPSS

Процентиль: 31%

0.00118

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352