ID CVE-2019-15496Type cveReporter cve@mitre.orgModified 2019-08-30T18:44:00
Description
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
{"id": "CVE-2019-15496", "bulletinFamily": "NVD", "title": "CVE-2019-15496", "description": "MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.", "published": "2019-08-28T17:15:00", "modified": "2019-08-30T18:44:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15496", "reporter": "cve@mitre.org", "references": ["https://www.sevenlayers.com/index.php/240-myt-project-management-1-5-1-csrf"], "cvelist": ["CVE-2019-15496"], "type": "cve", "lastseen": "2019-08-31T10:47:53", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-15496"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-08-29T10:46:38", "references": []}, "score": {"modified": "2019-08-29T10:46:38", "value": 4.3, "vector": "NONE"}}, "hash": "7272ef542c5d43f96ae9c1bbe56f1515d05d3c796e7ce4127249ac138a815bf5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "5d4675bfc77870483bcadbad94457ade", "key": "published"}, {"hash": "e74686460b9e183c622f33aae095d832", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "7c72367c4b1054b47d3449f25ec07bb6", "key": "href"}, {"hash": "a948005e02941739e214aa4f794ccf92", "key": "references"}, {"hash": "37d572d2c76dbe2f42cf74a38a4d11f7", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "ee8c13f269c62a7cc69477bd0bfa830f", "key": "modified"}, {"hash": "abc2c13e66d707db4bb6a26e4bf2483c", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15496", "id": "CVE-2019-15496", "lastseen": "2019-08-29T10:46:38", "modified": "2019-08-28T18:37:00", "objectVersion": "1.3", "published": "2019-08-28T17:15:00", "references": ["https://www.sevenlayers.com/index.php/240-myt-project-management-1-5-1-csrf"], "reporter": "cve@mitre.org", "title": "CVE-2019-15496", "type": "cve", "viewCount": 0}, "differentElements": ["cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 1, "lastseen": "2019-08-29T10:46:38"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c188e149e75f4a9b6013bbd65bce6f53"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "7347c7a2ae4cc0749c4b6d09d8a64aac"}, {"key": "cpe23", "hash": "d54d2ffaa11372344b2cb364ac2819b5"}, {"key": "cvelist", "hash": "abc2c13e66d707db4bb6a26e4bf2483c"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "f0cab2ed51281c3cddb6cdf3ee00cdac"}, {"key": "cvss3", "hash": "f933c9dd1fb2aae2ecb00b9abdb0445a"}, {"key": "cwe", "hash": "af0af2f5bbde88e770c1690312b27188"}, {"key": "description", "hash": "37d572d2c76dbe2f42cf74a38a4d11f7"}, {"key": "href", "hash": "7c72367c4b1054b47d3449f25ec07bb6"}, {"key": "modified", "hash": "a3a500c7b27362f8f23960bb5dbbdf86"}, {"key": "published", "hash": "5d4675bfc77870483bcadbad94457ade"}, {"key": "references", "hash": "a948005e02941739e214aa4f794ccf92"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "e74686460b9e183c622f33aae095d832"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ad7e684417c56c1ea3f8526ff6b05ffcaeb7fd3a70b0eb953ee305e817915835", "viewCount": 1, "enchantments": {"dependencies": {"references": [], "modified": "2019-08-31T10:47:53"}, "score": {"value": 4.3, "vector": "NONE", "modified": "2019-08-31T10:47:53"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:manageyourteam:myt_project_management:1.5.1"], "affectedSoftware": [{"name": "manageyourteam myt_project_management", "operator": "eq", "version": "1.5.1"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:manageyourteam:myt_project_management:1.5.1:*:*:*:*:*:*:*"], "cwe": ["CWE-352"], "scheme": null}
{}
