Описание
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
Ссылки
- Product
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Product
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dzzoffice:dzzoffice:2.02.1:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00085
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
EPSS
Процентиль: 25%
0.00085
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
CWE-352