PT-2019-16808 · Wallace · Wallacepos

Published: 2019-07-31 · Updated: 2019-08-02 · CVE-2019-3959

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WallacePOS version 1.4.3

Description

The issue allows a remote attacker to perform sensitive actions by tricking users into clicking a crafted link, potentially leading to unauthorized application actions.

Recommendations

For WallacePOS version 1.4.3, consider implementing anti-CSRF measures, such as token-based validation, to prevent exploitation. As a temporary workaround, restrict access to sensitive application actions to minimize the risk of unauthorized access.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2019-3959

Affected Products

Wallacepos