← back
CVE-2021-47723

STVS ProVision Cross-Site Request Forgery (Add Admin)

CVSS 6.9 MEDIUMEPSS 0.2%CWE-352
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
STVS SA · STVS ProVision

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/49482https://www.vulncheck.com/advisories/stvs-provision-cross-site-request-forgery-add-adminhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.phphttp://www.stvs.ch