CVE-2020-12282

Sažetak

iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)

Reference

https://ismartgate.com/secure-garage-door/
https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-09-2020 - 22:27

Objavljeno

24-09-2020 - 16:15