CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1000506

Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/
https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/

Products affected by CVE-2018-1000506

Mediaron » Metronet Tag Manager » Version: 1.2.7

cpe:2.3:a:mediaron:metronet_tag_manager:1.2.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000506

Products

Pricing

Contact Us