PT-2018-13628 · Micropyramid · Django Crm

Abuvanth · Published 2018-09-05 · Updated 2022-05-13 · CVE-2018-16552

CVSS v3.1 8.8 High
Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MicroPyramid Django-CRM version 0.2

Description: The affected endpoints, including /users/create/, /users/##/edit/ and /accounts/##/delete/ (## stands for the numeric object id), accept state-changing requests without cross-site request forgery (CSRF) protection. An attacker who lures a logged-in user, typically an administrator, to a page under their control can have that user's browser submit forged requests to these endpoints, creating or editing users and deleting accounts with the victim's privileges and without any further interaction. The vector reflects this: no privileges are required, user interaction is needed, and confidentiality, integrity and availability are all fully affected.

Recommendations: Until a patched release is deployed, enforce CSRF protection on the affected endpoints (/users/create/, /users/##/edit/, /accounts/##/delete/). In a Django application this means keeping django.middleware.csrf.CsrfViewMiddleware enabled, not marking these views csrf_exempt, rendering the csrf_token template tag in every form that posts to them, and sending the token (form field or X-CSRFToken header) from any client-side code that calls them. Restrict access to these endpoints to the accounts that need them to reduce the impact of a successful forgery.
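To make the recommendation concrete, here is an added example, not code from the Django-CRM project or from Django itself, of the synchronizer-token check that Django's CsrfViewMiddleware performs (trusted Origin/Referer, then cookie token compared against the submitted token). It targets the affected paths with constructed requests: the administrator's own form submission, and the request an attacker's page auto-submits in the administrator's browser, which carries the session cookie but cannot supply the csrftoken value. The Request class, the hostname crm.example.com, the cookie and field names and the sample traffic are assumptions for illustration.

```python
"""Synchronizer-token CSRF check, modelled on what Django's CsrfViewMiddleware
does for unsafe methods (Origin/Referer check, then cookie-vs-form token
comparison). Added illustration only: not Django-CRM's or Django's own code.
Hostnames, cookie/field names and the request objects are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
ALLOWED_HOSTS = {"crm.example.com"}          # assumed deployment hostname
COOKIE_NAME, FIELD_NAME, HEADER_NAME = "csrftoken", "csrfmiddlewaretoken", "X-CSRFToken"


@dataclass
class Request:
    """Just enough of an HTTP request for the check (constructed, not Django's HttpRequest)."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def new_token() -> str:
    """Unguessable token the server issues as the csrftoken cookie."""
    return secrets.token_urlsafe(32)


def origin_allowed(request: Request) -> bool:
    """Reject state-changing requests whose Origin (or, failing that, Referer)
    names a host other than our own. Browsers set Origin on cross-site POSTs
    and do not let page script forge it."""
    source = request.headers.get("Origin") or request.headers.get("Referer")
    if not source:
        return False   # stricter than Django, which demands a Referer only over HTTPS
    return urlsplit(source).hostname in ALLOWED_HOSTS


def csrf_check(request: Request) -> tuple[bool, str]:
    """Return (accepted, reason). Safe methods pass; unsafe ones need a trusted
    origin and a submitted token equal to the cookie token."""
    if request.method in SAFE_METHODS:
        return True, "safe method"
    if not origin_allowed(request):
        return False, "origin/referer not allowed"
    cookie_token = request.cookies.get(COOKIE_NAME, "")
    submitted = request.form.get(FIELD_NAME) or request.headers.get(HEADER_NAME, "")
    if not cookie_token or not submitted:
        return False, "csrf token missing"
    if not hmac.compare_digest(cookie_token, submitted):   # constant-time compare
        return False, "csrf token mismatch"
    return True, "ok"


def vulnerable_dispatch(request: Request) -> bool:
    """What an unprotected (csrf_exempt-style) view effectively does: any
    request carrying the victim's session cookie is acted on."""
    return "sessionid" in request.cookies


def hardened_dispatch(request: Request) -> bool:
    """The same view behind the CSRF check."""
    return "sessionid" in request.cookies and csrf_check(request)[0]


def sample_requests(token: str) -> dict:
    """Constructed traffic. The browser attaches the admin's cookies to every
    request, but an attacker's page cannot read the csrftoken cookie and so
    cannot supply a matching form field."""
    cookies = {"sessionid": "admin-session", COOKIE_NAME: token}
    return {
        "legit": Request("POST", "/users/create/", {"Origin": "https://crm.example.com"},
                         dict(cookies), {FIELD_NAME: token, "username": "alice"}),
        "forged": Request("POST", "/users/create/", {"Origin": "https://attacker.example"},
                          dict(cookies), {"username": "mallory"}),
        # Even a request from an allowed origin fails without the token.
        "forged_same_origin": Request("POST", "/accounts/7/delete/",
                                      {"Origin": "https://crm.example.com"}, dict(cookies), {}),
        "guessed": Request("POST", "/users/7/edit/", {"Origin": "https://crm.example.com"},
                           dict(cookies), {FIELD_NAME: "0" * 43}),
    }


def run_demo() -> dict:
    """Map each sample request to (vulnerable view acted, hardened view acted, reason)."""
    token = new_token()
    return {name: (vulnerable_dispatch(r), hardened_dispatch(r), csrf_check(r)[1])
            for name, r in sample_requests(token).items()}


if __name__ == "__main__":
    for name, (vuln, hard, reason) in run_demo().items():
        print(f"{name:20s} vulnerable={vuln!s:5} hardened={hard!s:5} ({reason})")
```

The forged request is accepted by the unprotected view purely because the session cookie rides along; the hardened view rejects it on the Origin check, and would still reject it on the missing or mismatched token if the origin check were somehow satisfied. The check must run for every unsafe method, including the DELETE-style paths, not only for form posts rendered by the application's own templates.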

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers

CVE-2018-16552
GHSA-HQ4R-47QC-3JHC
PYSEC-2018-65

Affected Products

Django Crm