CVE-2013-2713

Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
krisonavkrisonav
𝑥
≤ 3.0.1
krisonavkrisonav
0.9.3
krisonavkrisonav
0.9.4
krisonavkrisonav
0.9.5
krisonavkrisonav
0.9.6
krisonavkrisonav
0.9.7
krisonavkrisonav
1.0.0:beta
krisonavkrisonav
1.0.1
krisonavkrisonav
1.0.2
krisonavkrisonav
1.1.35
krisonavkrisonav
2.0.1:beta
krisonavkrisonav
2.1.3
krisonavkrisonav
2.1.5
krisonavkrisonav
2.1.6
krisonavkrisonav
3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html
http://www.exploit-db.com/exploits/24965
http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes
http://www.securityfocus.com/bid/59273
https://www.htbridge.com/advisory/HTB23150
http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html
http://www.exploit-db.com/exploits/24965
http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes
http://www.securityfocus.com/bid/59273
https://www.htbridge.com/advisory/HTB23150