PT-2018-12942 · Onethink · Onethink
Usermuzilio
Published 2018-08-08
Updated 2018-10-04
CVE-2018-15198
| CVSS v3.1 | 8.8 (High) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OneThink version 1.1
Description
OneThink version 1.1 contains a cross-site request forgery (CSRF) vulnerability. The administrative user-creation endpoint "admin.php?s=/User/add.html" accepts a request to add a user without verifying that the request was intentionally submitted by the logged-in administrator, so a forged request issued from a page the administrator visits can create a new user.
Recommendations
For OneThink version 1.1, implement CSRF protection (for example, a per-session anti-CSRF token that is required on every state-changing request) so that unauthorized actions such as adding a user through the "admin.php?s=/User/add.html" endpoint are rejected. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.
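The following is an added illustration of the recommended mitigation, not OneThink's own code: a synchronizer-token check (with an Origin/Referer check as defence in depth) guarding a user-creation action like the one behind "admin.php?s=/User/add.html". The function names, the `_token` field, the `$session` array and the demo origin are assumptions for the example; the real OneThink controller and session API are not shown.

```php
<?php
// Added example (not OneThink code): synchronizer-token CSRF protection for the
// admin "add user" action. csrf_token, csrf_check and add_user_action are
// illustrative names; $session stands in for the framework's session store.

// Issue a per-session token; call this when rendering the "add user" form and
// embed the value as <input type="hidden" name="_token">.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $session['csrf_token'];
}

// True only if the request carries the session's token and originates from our site.
function csrf_check(array $session, array $post, array $headers, string $origin): bool {
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $given)) {
        return false; // token missing or forged (hash_equals avoids timing leaks)
    }
    // Defence in depth: a cross-site form post carries a foreign Origin (or Referer).
    $src = $headers['Origin'] ?? $headers['Referer'] ?? '';
    return $src === $origin || strpos($src, $origin . '/') === 0;
}

// Handler for the user-creation action: create the user only after the check passes.
function add_user_action(array $session, array $post, array $headers, string $origin): string {
    if (!csrf_check($session, $post, $headers, $origin)) {
        return 'HTTP 403: CSRF check failed';
    }
    return 'user "' . ($post['username'] ?? '') . '" created';
}

// --- constructed demo, no HTTP involved ---
$session = [];
$token   = csrf_token($session);
$origin  = 'https://admin.example.test'; // assumed site origin for the demo

// Legitimate submission from the admin UI: valid token, same origin.
echo add_user_action($session, ['username' => 'bob', '_token' => $token],
                     ['Origin' => $origin], $origin), "\n";

// Forged submission from a third-party page: no valid token, foreign Origin.
echo add_user_action($session, ['username' => 'bob'],
                     ['Origin' => 'https://other.example'], $origin), "\n";
```

The first call succeeds and the second is rejected with a 403; the token check alone is sufficient, and the Origin check only adds a second barrier.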
Affected Products
Onethink