Vulnerability Details CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://fragrant10.github.io/2019/02/22/SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.html
- https://github.com/fragrant10/fragrant10.github.io/blob/master/_posts/2019-02-22-SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md
- https://fragrant10.github.io/2019/02/22/SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.html
- https://github.com/fragrant10/fragrant10.github.io/blob/master/_posts/2019-02-22-SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md
Products affected by CVE-2019-13949
-
cpe:2.3:a:syguestbook_a5_project:syguestbook_a5:1.2