PT-2019-13875 · Bagisto · Bagisto

Vikramrajvashisth

Published

2019-08-11

Updated

2022-05-24

CVE-2019-14933

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 0.1.5

Description The issue allows for CSRF under "/admin" URIs. This can potentially lead to unauthorized actions being performed on the application.

Recommendations For versions prior to 0.1.5, update to version 0.1.5 or later to resolve the issue. As a temporary workaround, consider implementing CSRF protection measures, such as token-based validation, to mitigate the risk of exploitation. Restrict access to the "/admin" URI to minimize the risk of unauthorized actions.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2019-14933

GHSA-PGWP-F3XH-M24G

Affected Products

Bagisto

PT-2019-13875 · Bagisto · Bagisto

CVE-2019-14933

Weakness Enumeration

Related Identifiers

Affected Products

References · 7