05 Aug 2017
CVE-2017-12584 - CVE Vulnerability
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. (CVSS:0.0) (Last Update:2017-08-05)
Publish Date: 2017-08-05. Last Update Date: 2017-08-05.
- Metasploit Modules Related To CVE-2017-12584: There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).