CVE-2015-4460

EUVD-2015-4480
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
boxautomationc2box
𝑥
≤ 4.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/535861/30/0/threaded
http://www.securityfocus.com/bid/75569
https://packetstormsecurity.com/files/132475/C2Box-4.0.0-r19171-Cross-Site-Request-Forgery.html
https://raw.githubusercontent.com/Siros96/CSRF/master/PoC
https://www.exploit-db.com/exploits/37447/
http://www.securityfocus.com/archive/1/535861/30/0/threaded
http://www.securityfocus.com/bid/75569
https://packetstormsecurity.com/files/132475/C2Box-4.0.0-r19171-Cross-Site-Request-Forgery.html
https://raw.githubusercontent.com/Siros96/CSRF/master/PoC
https://www.exploit-db.com/exploits/37447/