CVE-2018-7216
Published 2018-02-18
Priority P344 · high · 8 · CVSS 3.0
AV:N / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 2.91% (85.3th percentile)
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.
CVSS provenance
nvd  v3.0  8.0  HIGH    CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd  v2.0  6.0  MEDIUM  AV:N/AC:M/Au:S/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.
References
http://seclists.org/fulldisclosure/2018/Feb/44
https://packetstormsecurity.com/files/146409/Tejari-Cross-Site-Request-Forgery.html
https://www.exploit-db.com/exploits/44256/
https://www.securityfocus.com/archive/1/541782/30/0/threaded