PT-2023-24335 · Minical · Minical

Thirukrishnan

Publicado

2023-06-05

Atualizado

2025-01-08

CVE-2023-33409

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Minical version 1.0.0

Description The issue is related to Cross Site Request Forgery (CSRF) via the minical/public/application/controllers/settings/company.php file. This means an attacker could potentially trick a user into performing unintended actions on the web application.

Recommendations For Minical version 1.0.0, as a temporary workaround, consider restricting access to the minical/public/application/controllers/settings/company.php file until a patch is available.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2023-33409

Produtos afetados

Minical

PT-2023-24335 · Minical · Minical

CVE-2023-33409

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7