← back
CVE-2013-6826

CVE-2013-6826

EPSS 1.9%
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/123980/fortianalyzer-xsrf.txtunverifiedexploitdbwww.exploit-db.com/exploits/38824unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txthttp://www.securityfocus.com/bid/63663