CVE-2021-47723

STVS ProVision Cross-Site Request Forgery (Add Admin)

CVSS 6.9 MEDIUMEPSS 0.2%CWE-352

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

STVS SA · STVS ProVision

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.exploit-db.com/exploits/49482 https://www.vulncheck.com/advisories/stvs-provision-cross-site-request-forgery-add-admin https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php http://www.stvs.ch