Описание
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:frontaccounting:frontaccounting:2.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00176
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
ubuntu
почти 8 лет назад
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
CVSS3: 8.8
debian
почти 8 лет назад
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding ...
CVSS3: 8.8
github
больше 3 лет назад
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
EPSS
Процентиль: 39%
0.00176
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352