PT-2020-13286 · Ismartgate · Ismartgate Pro
Published: 2020-09-24 · Updated: 2020-09-27 · CVE-2020-12840
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ismartgate PRO version 1.5.9
Description
The issue allows remote attackers to upload sound files via the "/index.php" API endpoint, potentially leading to unauthorized access or data modification.
Recommendations
For ismartgate PRO version 1.5.9, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "/index.php" endpoint, such as validating anti-CSRF tokens or using SameSite cookies.
Exploit
Fix
CSRF
Affected Products
Ismartgate Pro