exploitDog

CVE-2019-18414

Опубликовано: 24 окт. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.

Ссылки

https://www.sevenlayers.com/index.php/263-restaurant-management-system-csrf
Exploit
Third Party Advisory
https://www.sevenlayers.com/index.php/263-restaurant-management-system-csrf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00182

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6rgw-q9g8-wg2r

CVSS3: 8.8

github

больше 3 лет назад

Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.

EPSS

Процентиль: 40%

0.00182

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352