Vulnerability CVE-2022-23904


Published: 2022-05-02

Description:
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Rainworx -> Auctionworx 

 References:
https://ebereorisi.com/blog/account-privilege-upgrade-on-auctionworx-software-cve-2022-23904/
https://www.rainworx.com/

Copyright 2024, cxsecurity.com

 

Back to Top