PT-2020-11986 · Vtech · Vtecrm Vtenext
Published: 2020-09-14 · Updated: 2020-09-18 · CVE-2020-10229
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
vtecrm vtenext version 19 CE
Description
A CSRF issue allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
Recommendations
For vtecrm vtenext version 19 CE, consider implementing CSRF protection mechanisms, such as tokens or headers, to prevent unwanted actions. As a temporary workaround, restrict access to sensitive administrator functions until a patch is available.
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Vtecrm Vtenext