First published: Tue Aug 06 2019
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Schben Adive | =2.0.7 | |
CVE-2019-14346 is a vulnerability in Schben Adive 2.0.7 that allows an attacker to change a user's password through a CSRF attack.
CVE-2019-14346 has a severity rating of 8.8 (high).
Exploiting CVE-2019-14346 requires performing a CSRF attack on the admin/config page to change a user's password.
To protect against CVE-2019-14346, update to a version of Schben Adive that is not affected by this vulnerability or apply patches provided by the vendor.
More information about CVE-2019-14346 can be found at the following references: http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html, https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/, https://www.adive.es/