CVE-2019-25242

Sažetak

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.

Reference

http://www.iwt.com.hk
https://www.exploit-db.com/exploits/47065
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5524.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5524.php

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

24-12-2025 - 21:16

Objavljeno

24-12-2025 - 20:15