8.8
CVE-2019-9883
- EPSS 0.15%
- Veröffentlicht 03.06.2019 18:29:06
- Zuletzt bearbeitet 21.11.2024 04:52:30
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginMulti modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hgiga ≫ Msr35 Isherlock-base Version < 1.5.328
Hgiga ≫ Msr35 Isherlock-sysinfo Version < 1.5.196
Hgiga ≫ Msr35 Isherlock-user Version < 1.5.127
Hgiga ≫ Msr35 Isherlock-useradmin Version < 1.5.239
Hgiga ≫ Msr45 Isherlock-base Version < 4.5-206
Hgiga ≫ Msr45 Isherlock-sysinfo Version < 4.5-109
Hgiga ≫ Msr45 Isherlock-user Version < 4.5-81
Hgiga ≫ Msr45 Isherlock-useradmin Version < 4.5-106
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.355 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.