Vendor: DigiAffiliate
By: Ihsan Sencan
CVSS: 5.5 (MEDIUM)
CWE: 352 (Cross-Site Request Forgery)
Product Name: DigiAffiliate
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: NO
Related CWE:
CPE: a:digiappz:digiaffiliate:1.4
Platforms Tested: WiN7_x64, KaLiLinuX_x64
2017
DigiAffiliate 1.4 – Cross-Site Request Forgery (Update Admin)
DigiAffiliate version 1.4 is vulnerable to Cross-Site Request Forgery. An attacker can update the admin account by sending a crafted request to the user_save.asp endpoint.
Mitigation:
To mitigate this vulnerability, users should update to a newer version of DigiAffiliate that includes a fix for this issue. Additionally, users should be cautious when clicking on links or submitting forms on websites to prevent CSRF attacks.