PT-2021-18673 · Unknown · Rukovoditel
Victomteng1997
·
Published
2021-04-29
·
Updated
2021-05-03
·
CVE-2021-30224
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rukovoditel version 2.8.3
Description
The issue allows attackers to perform a Cross Site Request Forgery (CSRF) attack, enabling them to create an admin user with arbitrary credentials.
Recommendations
For Rukovoditel version 2.8.3, update to a version that contains a fix for this issue, as using arbitrary credentials can lead to unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rukovoditel