Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2015-6545
StatusCandidate
DescriptionCross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
Severity
Medium
CVSS score6,8
CVSS vector(AV:N/AC:M/Au:N/C:P/I:P/A:P)
PhaseAssigned (20.08.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6545
ReferencesBUGTRAQ : 20150902 Cross-Site Request Forgery in Cerb
 CONFIRM : http://wiki.cerbweb.com/7.0#7.0.4
 CONFIRM : https://github.com/wgm/cerb/commit/12de87ff9961a4f...
 MISC : https://www.htbridge.com/advisory/HTB23269
SecurityVulns:Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod