← voltar
CVE-2019-11457

CVE-2019-11457

CVSS 8.8 HIGHEPSS 1.1%
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/154219/Django-CRM-0.2.1-Cross-Site-Request-Forgery.htmlhttp://seclists.org/fulldisclosure/2019/Aug/30https://www.netsparker.com/blog/web-security/