Description

FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

Remediation

References

CVE-2018-7176

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.15.5)

PHP Resource Management Errors Vulnerability (CVE-2006-1549)

Oracle Database Server Other Vulnerability (CVE-2005-0701)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5471)

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4522)

Severity

High

Classification

CVE-2018-7176 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities