Lucene search
Irfansayyed-github8834C356-4DDB-4BE7-898B-D76F480E9C3FHistorySep 21, 2022 - 1:58 p.m.
CSRF to change the email id
2022-09-2113:58:20
irfansayyed-github
www.huntr.dev
12
csrf
email id
vulnerable
EPSS
0.001
Percentile
21.4%
Description
The change email ID is vulnerable to CSRF. The attacker can change the email ID of the user.
Proof of Concept
1.Login into the application https://rdiffweb-demo.ikus-soft.com.
2.Open the URL https://rdiffweb-demo.ikus-soft.com/prefs/general?username=admin&email=csrf%40test.com&action=set_profile_info.
3.The email ID of the user is changed.
4.The email ID is changed.
Related
cve
cve
CVE-2022-3274
2022-09-22 19:15:09
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-09-22 19:15:00
github
github
osv
osv
CVE-2022-3274
2022-09-22 19:15:09
PYSEC-2022-289
2022-09-22 19:15:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-09-23 04:56:33
nvd
nvd
CVE-2022-3274
2022-09-22 19:15:09
kaspersky
kaspersky
KLA20110 Multiple vulnerabilities in Wireshark
2022-10-26 00:00:00
nessus
nessus
Wireshark 3.6.x < 3.6.9 Multiple Vulnerabilities (macOS)
2022-10-27 00:00:00
Wireshark 3.6.x < 3.6.9 Multiple Vulnerabilities
2022-10-27 00:00:00