Описание
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
Ссылки
- Broken Link
- ExploitThird Party Advisory
- Broken Link
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sqlite-web_project:sqlite-web:-:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00141
Низкий
7.6 High
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
EPSS
Процентиль: 34%
0.00141
Низкий
7.6 High
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352