PT-2018-17262 · Unknown · Rsvp Invitation Online

Ihsan Sencan · Published 2018-01-24 · Updated 2018-02-12 · CVE-2018-5976

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: RSVP Invitation Online version 1.0
Description: A Cross-Site Request Forgery (CSRF) issue exists that allows modification of the admin password via the function/account.php endpoint.
Recommendations: For RSVP Invitation Online version 1.0, consider disabling the function/account.php endpoint until a patch is available to prevent CSRF attacks. Restrict access to this endpoint to minimize the risk of exploitation.

Exploit · Fix · CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-5976

Affected Products

Rsvp Invitation Online