Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2018-19410
HistoryNov 21, 2018 - 4:29 p.m.

Cross site request forgery (csrf)

2018-11-2116:29:00
PRIOn knowledge base
www.prio-n.com
2

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the ‘include’ directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the ‘id’ and ‘users’ parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

CPENameOperatorVersion
prtg_network_monitorlt18.2.40.1683

Related

ptsecurity 1
cve 1
nvd 1
cvelist 1
openvas 1
ptsecurity
ptsecurity
PT-2018-24: Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor
2018-05-25 00:00:00
cve
cve
CVE-2018-19410
2022-10-03 16:21:57
nvd
nvd
CVE-2018-19410
2018-11-21 16:29:00
cvelist
cvelist
CVE-2018-19410
2022-10-03 16:21:57
openvas
openvas
PRTG Network Monitor <= 18.2.39.1661 Multiple Vulnerabilities
2018-11-22 00:00:00

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for PRION:CVE-2018-19410
ptsecurity1cve1nvd1cvelist1openvas1