Description
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.
References
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:rainworx:auctionworx:*:*:*:*:enterprise:*:*:* (version up to 3.1, inclusive)
cpe:2.3:a:rainworx:auctionworx:*:*:*:*:events:*:*:* (version up to 3.1, inclusive)
EPSS: 0.00184 (Low), percentile: 40%
CVSS3: 8 High
CVSS2: 6 Medium
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8
github
almost 4 years ago
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.