EPSS Percentile: 40.4%
yetiforce/yetiforce-crm is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to insufficient permission checks, which allow a malicious attacker to create a new admin account and cause a CSRF attack.
github.com/advisories/GHSA-7g7r-gr46-q4p5
github.com/yetiforcecompany/yetiforcecrm/commit/298c7870e6fe4332d8aa1757a9c8d79f841389ff
huntr.dev/bounties/a0470915-f6df-45b8-b3a2-01aebe764df0