PT-2008-5268 · Opendb · Opendb
Published 2008-09-05 · Updated 2008-09-05 · CVE-2008-3938
| CVSS v3.1 | 8.8 (High) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenDb version 1.0.6
Description
A cross-site request forgery (CSRF) vulnerability allows remote attackers to change arbitrary users' passwords. The flaw lies in the update-password action of the `user_admin.php` script, which accepts the request without verifying that it originated from the application's own form.
Recommendations
For OpenDb version 1.0.6, implement CSRF protection, such as per-session anti-forgery tokens that every state-changing request must carry, so that unauthorized password changes are rejected. As a temporary workaround, restrict access to the `user_admin.php` script until a patch is available.
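The following is an added example of the token-based mitigation recommended above; it is not OpenDb's own code. It shows a synchronizer-token pattern for a PHP password-update handler: a per-session random token is embedded in the form and checked with a constant-time comparison before any password is changed. The in-memory user store, the form field names and the function names are assumptions made for illustration.

```php
<?php
// Added example (not OpenDb code): CSRF synchronizer token for a password-update action.
// The user store below is constructed sample data; a real application would use its database.

session_start();

$users = [
    // username => password hash (constructed sample data)
    'alice' => password_hash('old-secret', PASSWORD_DEFAULT),
];

// Issue one unpredictable token per session and reuse it for every form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside the password-update form (GET rendering).
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time check of the submitted token against the session copy.
function csrf_check($submitted): bool {
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hardened handler: only a POST carrying a valid token (and the current
// password, so a forged or replayed request cannot succeed) changes anything.
function handle_update_password(array $post, array &$users, string $loggedIn): array {
    if (!csrf_check($post['csrf_token'] ?? null)) {
        return ['status' => 403, 'message' => 'Invalid or missing CSRF token'];
    }
    if (!isset($users[$loggedIn]) || !password_verify($post['current_password'] ?? '', $users[$loggedIn])) {
        return ['status' => 403, 'message' => 'Current password does not match'];
    }
    $new = (string)($post['new_password'] ?? '');
    if (strlen($new) < 12) {
        return ['status' => 400, 'message' => 'New password too short'];
    }
    $users[$loggedIn] = password_hash($new, PASSWORD_DEFAULT);
    return ['status' => 200, 'message' => 'Password updated'];
}

// Dispatch: the form is shown on GET; the state change happens only on POST.
$loggedIn = $_SESSION['user'] ?? 'alice'; // assumed: the session identifies the user
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'update_password') {
    $result = handle_update_password($_POST, $users, $loggedIn);
    http_response_code($result['status']);
    echo htmlspecialchars($result['message'], ENT_QUOTES, 'UTF-8');
} else {
    echo '<form method="post">'
       . '<input type="hidden" name="action" value="update_password">'
       . csrf_field()
       . '<input type="password" name="current_password">'
       . '<input type="password" name="new_password">'
       . '<button type="submit">Update password</button>'
       . '</form>';
}
```

A cross-site form post from an attacker's page cannot include the victim's token, because the token lives only in the victim's session and in the legitimate form's HTML, which the attacker's origin cannot read; the `hash_equals` comparison avoids leaking the token through timing differences. Requiring the current password is a second, independent check that also blocks the attack even if token handling were ever bypassed.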
Exploit
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Opendb