Информационная безопасность
[RU] switch to English


CVECVE-2015-6545
СтатусCandidate
ОписаниеCross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
Важность
Medium
CVSS score6,8
CVSS vector(AV:N/AC:M/Au:N/C:P/I:P/A:P)
PhaseAssigned (20.08.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6545
ReferencesBUGTRAQ : 20150902 Cross-Site Request Forgery in Cerb
 CONFIRM : http://wiki.cerbweb.com/7.0#7.0.4
 CONFIRM : https://github.com/wgm/cerb/commit/12de87ff9961a4f...
 MISC : https://www.htbridge.com/advisory/HTB23269
SecurityVulns:Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород