CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11818

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf-bypass-privilege.html
https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf-bypass-privilege.html

Products affected by CVE-2020-11818

Rukovoditel » Rukovoditel » Version: 2.5.2

cpe:2.3:a:rukovoditel:rukovoditel:2.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11818

Products

Pricing

Contact Us