exploitDog

CVE-2019-15496

Опубликовано: 28 авг. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Ссылки

https://www.sevenlayers.com/index.php/240-myt-project-management-1-5-1-csrf
Exploit
Third Party Advisory
https://www.sevenlayers.com/index.php/240-myt-project-management-1-5-1-csrf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:manageyourteam:myt_project_management:1.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-gxrj-g75w-wr3m

CVSS3: 8.8

github

больше 3 лет назад

MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

EPSS

Процентиль: 35%

0.00145

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352