Description

FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

Remediation

References

CVE-2018-7176

Related Vulnerabilities

MySQL CVE-2021-2180 Vulnerability (CVE-2021-2180)

WordPress Plugin 301 Redirects-Easy Redirect Manager Security Bypass (2.40)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9859)

b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479)

WordPress Plugin WP Mobile Detector Cross-Site Scripting (3.2)

Severity

High

Classification

CVE-2018-7176 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities