PT-2021-11205 · Unknown · Advanced Webhost Billing System

Published: 2021-01-08 · Updated: 2021-01-12 · CVE-2020-25950

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Advanced Webhost Billing System version 3.7.0
Description: The issue allows Cross-Site Request Forgery (CSRF) attacks, which can lead to the deletion of a contact from the My Additional Contact page.
Recommendations: For Advanced Webhost Billing System version 3.7.0, consider disabling the contact deletion functionality on the My Additional Contact page until a fix is available. Restrict access to this page to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-25950

Affected Products

Advanced Webhost Billing System