PT-2022-25882 · Rpcms · Rpcms

Ahisec · Published 2022-10-13 · Updated 2022-10-14 · CVE-2022-41475

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RPCMS version 3.0.2

Description: A Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to add an arbitrary administrator account by causing an authenticated administrator to submit a forged request. The attacker can then use the new account to gain unauthorized access to the system.

Recommendations: For RPCMS version 3.0.2, consider disabling the functionality that allows adding administrator accounts until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

Tags: CSRF

Weakness Enumeration

Related Identifiers: CVE-2022-41475

Affected Products: Rpcms