Vulnerability CVE-2019-9604

Vulnerability CVE-2019-9604

Published: 2019-03-29

Description:

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Online lottery php readymade script project -> Online lottery php readymade script

References:

https://hackingvila.wordpress.com/2019/03/06/php-scripts-mall-online-lottery-php-readymade-script-1-7-0-has-cross-site-request-forgery-csrf-for-edit-profile-actionscve-2019-9604/

Vulnerability CVE-2019-9604

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.

CWE-352

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

6.8/10

6.4/10

8.6/10

Remote

Medium

No required

Partial

Partial

Partial

Affected software

References: