CVE-2019-15496

Name of the Vulnerable Software and Affected Versions MyT Project Management version 1.5.1

Description The issue lacks CSRF protection, allowing for a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Recommendations For MyT Project Management version 1.5.1, consider implementing CSRF protection mechanisms to prevent such attacks. As a temporary workaround, restrict access to the user creation functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.