CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-24T18:10:08

Updated: 2024-08-04T22:10:08.434Z

Reserved: 2019-03-23T00:00:00

Link: CVE-2019-9958

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-06-24T19:15:10.867

Modified: 2024-11-21T04:52:40.437

Link: CVE-2019-9958

cve-icon Redhat

No data.