exploitDog

CVE-2020-25562

Опубликовано: 11 авг. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.

Ссылки

https://vuln.shellcoder.party/2020/09/19/cve-2020-25562-sapphireims-csrf/
Exploit
Third Party Advisory
https://vuln.shellcoder.party/tags/sapphireims/
Third Party Advisory
https://vuln.shellcoder.party/2020/09/19/cve-2020-25562-sapphireims-csrf/
Exploit
Third Party Advisory
https://vuln.shellcoder.party/tags/sapphireims/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sapphireims:sapphireims:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00117

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-hmhg-p5vw-r4wj

github

больше 3 лет назад

In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.

EPSS

Процентиль: 31%

0.00117

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352