Cross site request forgery (csrf)

2019-06-1018:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.

CPENameOperatorVersion
wampserverlt3.1.9

CPE	Name	Operator	Version
	wampserver	lt	3.1.9

References

seclists.org/bugtraq/2019/Jun/10