PT-2021-11149 · Unknown · Sapphireims

Tanoy Bose · Published 2021-08-11 · Updated 2021-08-16 · CVE-2020-25562

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SapphireIMS version 5.0
Description: The application does not use anti-CSRF tokens on any of its forms. Because the browser attaches the victim's session cookie to a form submission regardless of which site initiated it, an attacker who lures an authenticated user onto a malicious page can submit any state-changing form on the user's behalf, including critical ones such as account reset. The vector reflects this: no privileges are required, user interaction is required, and the impact is to integrity.
Recommendations: For SapphireIMS version 5.0, add a per-session, unpredictable CSRF token to every state-changing form and reject on the server side any request whose token is missing or does not match the session. As defence in depth, verify the Origin (or Referer) header on state-changing requests and mark the session cookie SameSite. As a temporary workaround until a fix is available, restrict access to critical application forms such as account reset to minimize the risk of exploitation.
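The two server-side checks the recommendation describes, written out as an added example in Python; this is not code from the advisory or from SapphireIMS, and the origin, path, field names and in-memory session store are hypothetical. The "before" handler accepts any POST that carries a valid session cookie, which is the condition the description states; the "after" handler adds an Origin/Referer check and a synchronizer token bound to the session, compared in constant time. A constructed cross-site submission is run against both to show the difference.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical values for this example; not taken from SapphireIMS.
SITE_ORIGIN = "https://ims.example.test"
RESET_PATH = "/account/reset"

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS: dict = {}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (no framework, runs offline)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def new_session(user: str) -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the server embeds as a hidden field when it renders the form."""
    return SESSIONS[sid]["csrf"]


def request_origin(req: Request) -> Optional[str]:
    """Origin header if present, else the origin part of Referer, else None."""
    if "Origin" in req.headers:
        return req.headers["Origin"]
    ref = req.headers.get("Referer")
    if ref:
        parts = urlsplit(ref)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def reset_account_vulnerable(req: Request) -> tuple:
    """'Before': accepts any POST carrying a valid session cookie."""
    if req.method != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "no session"
    # The browser attaches the cookie to a cross-site form post as well,
    # so an attacker's page can trigger this for a logged-in victim.
    return 200, f"account reset for {req.form.get('user')}"


def reset_account_protected(req: Request) -> tuple:
    """'After': same handler with an Origin check and a synchronizer token."""
    if req.method != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "no session"
    # Check 1: the request must come from our own origin. A state-changing
    # request with neither Origin nor Referer is rejected rather than trusted.
    if request_origin(req) != SITE_ORIGIN:
        return 403, "cross-site request rejected"
    # Check 2: the hidden form field must equal the token bound to this
    # session; constant-time comparison avoids leaking it via timing.
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"account reset for {req.form.get('user')}"


def demo() -> tuple:
    """Run a constructed attack and a legitimate submission against both handlers."""
    sid = new_session("victim")
    victim_cookies = {"session": sid}
    # Cross-site POST auto-submitted from an attacker's page: the browser sends
    # the victim's session cookie, but the attacker cannot read the token.
    attack = Request("POST", RESET_PATH, cookies=victim_cookies,
                     form={"user": "victim", "new_password": "attacker-chosen"},
                     headers={"Origin": "https://attacker.example.test"})
    # Same-site origin but no token: the token check alone still blocks it.
    no_token = Request("POST", RESET_PATH, cookies=victim_cookies,
                       form={"user": "victim", "new_password": "x"},
                       headers={"Origin": SITE_ORIGIN})
    # Legitimate submission from the server-rendered form.
    legit = Request("POST", RESET_PATH, cookies=victim_cookies,
                    form={"user": "victim", "new_password": "x",
                          "csrf_token": csrf_token_for(sid)},
                    headers={"Origin": SITE_ORIGIN})
    return (reset_account_vulnerable(attack)[0],
            reset_account_protected(attack)[0],
            reset_account_protected(no_token)[0],
            reset_account_protected(legit)[0])


if __name__ == "__main__":
    print(demo())  # (200, 403, 403, 200)
```

The token check is the primary control; the origin check and a SameSite cookie are cheaper layers that also catch requests the token check would reject, which matters when a form was missed during the retrofit. Rejecting requests that carry neither Origin nor Referer is deliberate: for a state-changing endpoint, an unknown source should fail closed.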

Weakness Enumeration: Cross-Site Request Forgery (CSRF)

Related Identifiers: CVE-2020-25562

Affected Products: Sapphireims