CVE-2022-23904

Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
rainworxauctionworx
𝑥
≤ 3.1
rainworxauctionworx
𝑥
≤ 3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ebereorisi.com/blog/account-privilege-upgrade-on-auctionworx-software-cve-2022-23904/
https://www.rainworx.com/
https://ebereorisi.com/blog/account-privilege-upgrade-on-auctionworx-software-cve-2022-23904/
https://www.rainworx.com/