4 matches found
CVE-2023-2552
Cross-Site Request Forgery CSRF in GitHub repository unilogies/bumsys prior to 2.1.1...
CVE-2023-2552 Cross-Site Request Forgery (CSRF) in unilogies/bumsys
Cross-Site Request Forgery CSRF in GitHub repository unilogies/bumsys prior to 2.1.1...
CVE-2023-2552
CVE-2023-2552 describes a CSRF vulnerability in unilogies/bumsys prior to 2.1.1. Connected sources provide a PoC: an attacker can reach ajax.php via /accounts/ajax without CSRF token, bypassing the check, potentially enabling unauthorized actions side-channel via a crafted request. The vulnerabil...
CVE-2023-2552 Cross-Site Request Forgery (CSRF) in unilogies/bumsys
Cross-Site Request Forgery CSRF in GitHub repository unilogies/bumsys prior to 2.1.1...