CVE-2019-9958

Name of the Vulnerable Software and Affected Versions EspressReport ES (ERES) version 7.0 update 7

Description The issue allows remote attackers to escalate privileges or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests. This is achieved through a CSRF attack within the admin panel.

Recommendations For EspressReport ES (ERES) version 7.0 update 7, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests from being processed. As a temporary workaround, restrict access to the admin panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.