exploitDog

CVE-2021-30114

Опубликовано: 08 апр. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.

Ссылки

http://web-school.in
Product
https://github.com/0xrayan/CVEs/issues/2
Exploit
Issue Tracking
Third Party Advisory
https://web-school.in/try-demo/
Product
http://web-school.in
Product
https://github.com/0xrayan/CVEs/issues/2
Exploit
Issue Tracking
Third Party Advisory
https://web-school.in/try-demo/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:web-school:enterprise_resource_planning:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00137

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-m374-xxjc-qg9p

github

больше 3 лет назад

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.

EPSS

Процентиль: 34%

0.00137

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352