header-logo
Suggest Exploit
vendor:
Front Accounting
by:
AutoSec Tools
3.3
CVSS
LOW
Cross-site Request Forgery
352
CWE
Product Name: Front Accounting
Affected Version From: 2.3.2004
Affected Version To: 2.3.2004
Patch Exists: NO
Related CWE: N/A
CPE: a:frontaccounting:front_accounting:2.3.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista + XAMPP
2011

Front Accounting 2.3.4 Cross-site Request Forgery

A cross-site request forgery vulnerability in Front Accounting 2.3.4 can be exploited to create a new admin.

Mitigation:

Implementing a security policy that requires user authentication for all requests.
Source

Exploit-DB raw data: