PT-2023-16293 · Vitalpbx · Vitalpbx
Carlos Bello · Published 2023-04-04 · Updated 2023-04-10 · CVE-2023-0480
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VitalPBX version 3.2.3-8
Description
The application is vulnerable to CSRF, which allows an unauthenticated external attacker to take over the instance administrator's account.
Recommendations
For VitalPBX version 3.2.3-8, update to a version that includes a fix for the CSRF vulnerability to prevent unauthorized access to the administrator's account.
Exploit
Fix
CSRF
Affected Products
Vitalpbx