exploitDog

CVE-2022-40291

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

Ссылки

https://www.themissinglink.com.au/security-advisories/cve-2022-40291
Third Party Advisory
https://www.themissinglink.com.au/security-advisories/cve-2022-40291
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phppointofsale:php_point_of_sale:19.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00134

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-h574-vqwj-2h27

CVSS3: 8.8

github

больше 3 лет назад

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

EPSS

Процентиль: 33%

0.00134

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

CWE-352