Description

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.

Related CPE's

a

web-school

enterprise_resource_planning

5.0

Vulnerable

References

http://web-school.in

Product

https://github.com/0xrayan/CVEs/issues/2

ExploitIssue TrackingThird Party Advisory

https://web-school.in/try-demo/

Product

http://web-school.in

Product

https://github.com/0xrayan/CVEs/issues/2

ExploitIssue TrackingThird Party Advisory

https://web-school.in/try-demo/

Product

Weaknesses

[email protected]

Primary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-08T10:15:12.727Z

4 years ago

Last modified

2024-11-21T05:03:19.947Z

1 year ago