Описание
Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.
EPSS
Процентиль: 9%
0.00033
Низкий
8.1 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
около 1 года назад
A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.
EPSS
Процентиль: 9%
0.00033
Низкий
8.1 High
CVSS3
Дефекты
CWE-352