PT-2022-19970 · Lumidek Associates · Lumidek Associates Simple Food Website

Saket Saurav · Published 2022-05-23 · Updated 2022-05-30 · CVE-2022-30014

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Lumidek Associates Simple Food Website version 1.0

Description: The issue allows anyone to take over admin or moderator accounts due to Cross Site Request Forgery (CSRF). This means an attacker can perform actions on behalf of the admin or moderator without their knowledge or consent.

Recommendations: For Lumidek Associates Simple Food Website version 1.0, consider implementing proper CSRF protection mechanisms, such as tokens or headers, to prevent unauthorized requests. As a temporary workaround, restrict access to admin and moderator accounts until a proper fix is applied.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2022-30014

Affected Products

Lumidek Associates Simple Food Website