Описание
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items.
Ссылки
- Permissions RequiredVendor Advisory
- ExploitThird Party Advisory
- Permissions RequiredVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mini-inventory-and-sales-management-system_project:mini-inventory-and-sales-management-system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00086
Низкий
5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5
github
почти 4 года назад
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items.
EPSS
Процентиль: 25%
0.00086
Низкий
5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352