Vulnerability Details CVE-2019-9883
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2019-9883
-
cpe:2.3:a:hgiga:msr35_isherlock-base:*
-
cpe:2.3:a:hgiga:msr35_isherlock-sysinfo:*
-
cpe:2.3:a:hgiga:msr35_isherlock-user:*
-
cpe:2.3:a:hgiga:msr35_isherlock-useradmin:*
-
cpe:2.3:a:hgiga:msr45_isherlock-base:*
-
cpe:2.3:a:hgiga:msr45_isherlock-sysinfo:*
-
cpe:2.3:a:hgiga:msr45_isherlock-user:*
-
cpe:2.3:a:hgiga:msr45_isherlock-useradmin:*