← Back

CVE-2013-6826

nvd nist
Published: Nov 20, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

Affected (7)

Fortinet
7 products
Fortianalyzer Firmware
Fortianalyzer 1000d
Fortianalyzer 2000b
Fortianalyzer 200d
Fortianalyzer 3000d
Fortianalyzer 300d
Fortianalyzer 4000b
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Fortianalyzer Firmware
Up to 5.0.4
Fortianalyzer 1000d
All versions
Fortianalyzer 2000b
All versions
Fortianalyzer 200d
All versions
Fortianalyzer 3000d
All versions
Fortianalyzer 300d
All versions
Fortianalyzer 4000b
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.