PT-2019-13625 · Schben · Schben Adive

Published: 2019-08-06 · Updated: 2019-08-13 · CVE-2019-14346

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Schben Adive version 2.0.7

Description: The issue allows for admin/config CSRF, enabling an attacker to change a user's password. This is possible due to a vulnerability in the Internal/Views/config.php file.

Recommendations: For Schben Adive version 2.0.7, consider restricting access to the config.php file to prevent unauthorized changes, and ensure that proper CSRF protection mechanisms are implemented to prevent password changes without proper authentication.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers: CVE-2019-14346

Affected Products: Schben Adive