PT-2018-9404 · Metronet · Metronet Tag Manager
Mallory Adams
Published: 2018-06-26 · Updated: 2018-08-30 · CVE-2018-1000506
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Metronet Tag Manager versions 1.2.7 through 1.2.8
Description
The issue is a Cross-Site Request Forgery (CSRF) vulnerability located in the Settings page at the "/wp-admin/options-general.php?page=metronet-tag-manager" endpoint. This vulnerability can be exploited when a logged-in user follows a malicious link, potentially allowing an attacker to perform actions with admin privileges.
Recommendations
For Metronet Tag Manager versions 1.2.7 through 1.2.8, update to version 1.2.9 to resolve the issue.
Exploit
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Metronet Tag Manager