CVE-2021-47722

Sažetak

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.

Reference

https://www.axesstmc.com
https://www.exploit-db.com/exploits/50595
https://www.vulncheck.com/advisories/zucchetti-axess-cloki-access-control-cross-site-request-forgery
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5689.php

CVSS

Base:	3.5
Impact:	1.4
Exploitability:	2.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

23-12-2025 - 20:15

Objavljeno

23-12-2025 - 20:15