PT-2023-25025 · Issabel · Issabel
Sahil Ojha · Published 2023-06-27 · Updated 2023-07-06 · CVE-2023-34839
CVSS v3.1: 6.8 Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Issabel issabel-pbx version 4.0.0-6
Description
A Cross-Site Request Forgery (CSRF) issue allows a remote attacker to gain privileges via a custom CSRF exploit against the application's user creation function.
Recommendations
For Issabel issabel-pbx version 4.0.0-6, consider disabling the user creation function as a temporary workaround until a patch is available. Restrict access to the application to minimize the risk of exploitation.
Affected Products
Issabel