CVE-2020-35675

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
bigprofonline_invoicing_system
𝑥
< 3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.0
https://labs.ingredous.com/2020/07/13/ois-transfer-csrf/
https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.0
https://labs.ingredous.com/2020/07/13/ois-transfer-csrf/