PT-2019-9843 · Webgalamb
Author: Daniel Jones
Published: 2019-03-17 · Updated: 2020-08-24
CVE: CVE-2018-19511
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Webgalamb version 7.0
Description
Webgalamb 7.0 lacks protection against cross-site request forgery (CSRF). The endpoint "wg7.php?options=1", which changes the administrator password, accepts state-changing requests without verifying that they were intentionally issued by the logged-in administrator; an administrator who visits a page under an attacker's control can therefore have their password changed without their consent.
Recommendations
For Webgalamb version 7.0, implement proper CSRF protection (for example, a per-session anti-CSRF token that is checked on every state-changing request) to prevent unauthorized changes to sensitive settings such as the administrator password. As a temporary workaround, restrict access to the "wg7.php" endpoint to reduce the risk of exploitation.
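As an added illustration of the recommendation above (example code, not Webgalamb's own code), the following PHP fragment shows the synchronizer-token pattern applied to a settings handler like the password-change action: a random per-session token is embedded in the form, checked with a constant-time comparison on submission, backed by an Origin/Referer check and a SameSite session cookie, and rotated after the sensitive change. The function names, the form field names and the `update_admin_password()` hook are assumptions for illustration.

```php
<?php
// Added example, not Webgalamb code: synchronizer-token CSRF protection for a
// state-changing settings action such as the administrator password change.
// csrf_token(), csrf_verify(), same_origin(), handle_password_change() and
// update_admin_password() are hypothetical names used only here.
declare(strict_types=1);

// SameSite=Lax stops the session cookie being attached to cross-site POSTs
// (defence in depth; the token check below remains the primary control).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue (or reuse) a per-session token: 32 CSPRNG bytes, hex-encoded.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate a submitted token. hash_equals() is constant-time, so the
// comparison leaks nothing about the expected value through timing.
function csrf_verify(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// A cross-site form post carries the attacking site's Origin (or Referer),
// so require that the request originates from this host.
function same_origin(string $expectedHost): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Placeholder for the application's own persistence layer (assumption).
function update_admin_password(string $newPassword): void
{
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    // ... store $hash for the administrator account ...
}

// Guarded handler: only POST, only with a valid token from a same-origin
// request. Anything else is refused before any state is touched.
function handle_password_change(string $expectedHost): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Method not allowed');
    }
    if (!csrf_verify($_POST['csrf_token'] ?? null) || !same_origin($expectedHost)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $new = (string) ($_POST['new_password'] ?? '');
    if (strlen($new) < 12) {
        http_response_code(400);
        exit('Password too short');
    }
    update_admin_password($new);
    // Rotate the token after a sensitive change so a leaked copy is useless.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    echo 'Password updated';
}

// Request entry point: render the form on GET, process it on POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    handle_password_change($_SERVER['SERVER_NAME']);
} else {
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="wg7.php?options=1">'
       . '<input type="hidden" name="csrf_token" value="' . $token . '">'
       . '<input type="password" name="new_password" autocomplete="new-password">'
       . '<button type="submit">Change administrator password</button>'
       . '</form>';
}
```

The token check is what actually closes the gap: a page on another origin cannot read the victim's session token, so it cannot forge a request that passes `csrf_verify()`. The Origin/Referer comparison and the SameSite cookie attribute are secondary layers that fail closed independently of each other.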
Weakness Enumeration: CSRF
Affected Products: Webgalamb