PT-2019-18728 · Mywebsql · Mywebsql

Eddie Tc Chang

+2

·

Publicado

2019-02-11

·

Atualizado

2019-02-12

·

CVE-2019-7730

CVSS v3.1

5.7

Média

VetorAV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions MyWebSQL version 3.7
Description The issue allows for Cross-site request forgery (CSRF) that can be used to delete a database. This can be achieved via the "/?q=wrkfrm&type=databases" API endpoint.
Recommendations For MyWebSQL version 3.7, consider restricting access to the "/?q=wrkfrm&type=databases" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2019-7730

Produtos afetados

Mywebsql