app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
References
Link | Resource |
---|---|
https://github.com/anx1ang/notes/issues/1 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-10-17 13:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-17676
Mitre link : CVE-2019-17676
CVE.ORG link : CVE-2019-17676
JSON object : View
Products Affected
metinfo
- metinfo
CWE
CWE-352
Cross-Site Request Forgery (CSRF)