Vulnerability Details CVE-2022-38359
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-38359
-
cpe:2.3:a:eyeofnetwork:eyes_of_network_web:5.3