Bravo Tejari · Bravo Tejari Procurement Portal · CVE-2018-7216
**Name of the Vulnerable Software and Affected Versions**
Bravo Tejari Procurement Portal (affected versions not specified)
**Description**
A cross-site request forgery (CSRF) issue exists due to the lack of anti-CSRF tokens, allowing remote authenticated users to hijack the authentication of application users for requests that modify their personal data. This can be achieved by leveraging the `esop/toolkit/profile/regData.do` endpoint.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.