Vendor: Digirez
By: Ihsan Sencan
CVSS: 5.5 (MEDIUM)
CWE: 352 (Cross-Site Request Forgery)
Product Name: Digirez
Affected Version From: 3.4
Affected Version To: 3.4
Patch Exists: NO
Related CWE:
CPE: a:digirez:3.4
Platforms Tested: Windows 7 x64, Kali Linux x64
2017
Digirez 3.4 – Cross-Site Request Forgery (Update User & Admin)
The Digirez 3.4 application is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability to update user and admin accounts without proper authentication.
Mitigation:
To mitigate this vulnerability, it is recommended to implement CSRF tokens in the application's forms and validate them on the server side.