vendor:
Text Exchange Script
by:
bi0
8.3
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Text Exchange Script
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:scripts-gate:text_exchange_script:1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
Text Exchange Pro – [ CSRF ] Create Administrator Account
A CSRF vulnerability exists in Text Exchange Pro, which allows an attacker to create an administrator account with full privileges. An attacker can craft a malicious HTML page containing a form with hidden fields that when submitted, will create an administrator account with full privileges. The form can be submitted without the user's knowledge or consent.
Mitigation:
Disable CSRF Protection