CVE-2023-4837

Published: Oct 10, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.

Affected (1)

Products: Smod: Smodbip

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Smod Smodbip	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://cert.pl/en/posts/2023/10/CVE-2023-4837/

Source: cvd@cert.pl

Third Party Advisory

https://cert.pl/posts/2023/10/CVE-2023-4837/

Source: cvd@cert.pl

Third Party Advisory

https://smod.pl/

Source: cvd@cert.pl

Product

https://cert.pl/en/posts/2023/10/CVE-2023-4837/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://cert.pl/posts/2023/10/CVE-2023-4837/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://smod.pl/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.