Description

FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

Remediation

References

CVE-2018-7176

Related Vulnerabilities

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.1)

WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013)

WordPress Other Vulnerability (CVE-2005-2108)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11111)

WordPress Plugin Widget Settings Importer/Exporter Cross-Site Scripting (1.5.3)

Severity

High

Classification

CVE-2018-7176 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities