PT-2018-14458 · Destoon · Destoon B2B
Published 2018-10-17 · Updated 2018-11-29
CVE-2018-18432
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DESTOON B2B version 7.0
Description
Cross-site request forgery (CSRF) is possible via the "admin.php" URI in an "action=add" request.
Recommendations
For DESTOON B2B version 7.0, consider implementing CSRF protection mechanisms, such as tokens, to prevent exploitation.
Exploit
Fix
CSRF
Affected Products
Destoon B2B