Description
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This makes it possible to persuade an administrator to create a new account with administrative permissions.
References
- Broken Link, Product
- Exploit, Third Party Advisory
- Broken Link, Product
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*
EPSS
Percentile: 23%
0.00078
Low
8.8 High
CVSS3
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This makes it possible to persuade an administrator to create a new account with administrative permissions.