Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/simpleinvoices/simpleinvoices/issues/270 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-05-14T22:00:00Z
Updated: 2024-09-16T23:16:53.985Z
Reserved: 2017-05-14T00:00:00Z
Link: CVE-2017-8930
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-05-14T22:29:00.273
Modified: 2024-11-21T03:35:00.257
Link: CVE-2017-8930
Redhat
No data.