PT-2018-13628 · Micropyramid · Django Crm

Abuvanth · Published 2018-09-05 · Updated 2022-05-13 · CVE-2018-16552

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the vulnerable software and affected versions: MicroPyramid Django-CRM version 0.2

Description: Several state-changing endpoints, including /users/create/, /users/##/edit/ and /accounts/##/delete/, accept POST requests without a CSRF check. An attacker who gets an authenticated user to visit a malicious page can have that user's browser submit forged requests to these endpoints, so the endpoints' actions (creating or editing users, deleting accounts) are performed with the victim's privileges and without the victim's knowledge.

Recommendations: For MicroPyramid Django-CRM version 0.2, as a temporary workaround until a patched release is deployed, enforce CSRF protection on the affected endpoints (/users/create/, /users/##/edit/, /accounts/##/delete/ and any other state-changing view), for example by keeping Django's CsrfViewMiddleware enabled, not exempting these views from it, and including the CSRF token in every form or AJAX request that targets them. Restrict access to these endpoints to the accounts that need them to reduce the impact of a successful forgery.
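To make the recommendation concrete, the following is an added example (not code from the page or from the Django-CRM project) that sketches in plain Python the check a Django-style CSRF middleware performs on unsafe requests: reject cross-site Origin/Referer values, then require the token submitted in the form field or header to match the token cookie. The request dicts, the cookie/field/header names (Django's defaults), the allowed host and the handler for /users/create/ are all assumptions constructed for the illustration; the real application's views and URL handling are not reproduced here.

```python
"""Stand-alone sketch of a double-submit CSRF token check.
Illustration only: not Django's CsrfViewMiddleware and not Django-CRM code."""
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
TOKEN_COOKIE = "csrftoken"           # assumed cookie name (Django's default)
TOKEN_FIELD = "csrfmiddlewaretoken"  # assumed form field name (Django's default)
TOKEN_HEADER = "X-CSRFToken"         # assumed header name for JSON/AJAX clients


def issue_token():
    """Random token the server sets as a cookie and embeds in its own forms."""
    return secrets.token_urlsafe(32)


def csrf_check(request, allowed_hosts):
    """Return (allowed, reason) for a constructed request dict with the keys
    method, path, headers, cookies and form."""
    if request["method"].upper() in SAFE_METHODS:
        return True, "safe method"
    headers = request["headers"]
    # 1. Source check. Browsers set Origin on cross-site POSTs and a page
    #    cannot forge it; Referer is the fallback for clients without Origin.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "no Origin or Referer header on unsafe request"
    host = urlsplit(source).hostname
    if host not in allowed_hosts:
        return False, "cross-site request from %s" % host
    # 2. Token check. The cookie value must match the value sent in the body
    #    or header. A third-party page can make the browser send the cookie
    #    but cannot read it, so it cannot supply a matching field.
    cookie_token = request["cookies"].get(TOKEN_COOKIE)
    sent_token = request["form"].get(TOKEN_FIELD) or headers.get(TOKEN_HEADER)
    if not cookie_token or not sent_token:
        return False, "csrf token missing"
    if not hmac.compare_digest(cookie_token, sent_token):
        return False, "csrf token mismatch"
    return True, "ok"


def handle_user_create(request, allowed_hosts, enforce_csrf=True):
    """Hypothetical handler for /users/create/. With enforce_csrf=False it
    models an unprotected endpoint: a valid session cookie is all it takes."""
    if enforce_csrf:
        ok, reason = csrf_check(request, allowed_hosts)
        if not ok:
            return 403, reason
    if not request["cookies"].get("sessionid"):
        return 401, "login required"
    return 201, "created user %s" % request["form"].get("username")


# Constructed sample traffic (not captured from a real deployment).
TOKEN = issue_token()
ALLOWED = {"crm.example"}

# A form submitted from the application's own page carries the token.
legit = {"method": "POST", "path": "/users/create/",
         "headers": {"Origin": "https://crm.example"},
         "cookies": {"sessionid": "s3ss10n", TOKEN_COOKIE: TOKEN},
         "form": {"username": "alice", TOKEN_FIELD: TOKEN}}

# A form auto-submitted from the attacker's page: the victim's browser still
# attaches the session and csrf cookies, but the attacker cannot read the
# cookie to fill in the field, and the browser reports the true Origin.
forged = {"method": "POST", "path": "/users/create/",
          "headers": {"Origin": "https://attacker.example"},
          "cookies": {"sessionid": "s3ss10n", TOKEN_COOKIE: TOKEN},
          "form": {"username": "backdoor"}}

if __name__ == "__main__":
    print(handle_user_create(legit, ALLOWED))                      # (201, 'created user alice')
    print(handle_user_create(forged, ALLOWED, enforce_csrf=False))  # (201, 'created user backdoor')
    print(handle_user_create(forged, ALLOWED))                      # (403, 'cross-site request from attacker.example')
```

The unprotected call is the situation the advisory describes: nothing distinguishes the forged POST from a legitimate one except the token, so the handler creates the attacker's user. With the check in place the forged request fails on the Origin comparison, and even a same-origin request without the token field is refused, which is why the token must be present in every form or AJAX call that targets these endpoints, not only added to the middleware.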

Exploit

Fix

CSRF


Weakness Enumeration

Related identifiers

CVE-2018-16552
GHSA-HQ4R-47QC-3JHC
PYSEC-2018-65

Affected products

Django Crm