Multiple Cross-Site Request Forgery Vulnerabilities in Simple Invoices

Simple Invoices is an open source, free web-based invoicing system. Three cross-site request forgery vulnerabilities exist in Simple Invoices version 2013.1.beta.8. A remote attacker can use these vulnerabilities to create a new administrator user account and take control of the entire applicatio...

CVE-2017-8930

Multiple cross-site request forgery CSRF vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can 1 create new administrator user accounts and take over the entire application, 2 create regular user accounts, or 3 change...