Описание
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
Ссылки
- ExploitThird Party AdvisoryURL Repurposed
- ExploitThird Party AdvisoryURL Repurposed
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:quadbase:espressreport_enterprise_server:7.0:update_7:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
EPSS
Процентиль: 43%
0.00206
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352