2 matches found
CVE-2022-23904
Rainworx Auctionworx 3.1R2 is vulnerable to a Cross-Site Request Forgery CSRF attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition...
CVE-2022-23904
The CVE-2022-23904 entry describes a CSRF vulnerability in Rainworx Auctionworx prior to 3.1R2. Affected product version(s) allow an authenticated user to upgrade their own account to admin, enabling access to the Auctionworx admin control panel (Enterprise and Events Edition). Root cause is CSRF...