First published: Thu Oct 27 2022
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dzzoffice Dzzoffice | =2.02.1 | |
The severity of CVE-2022-43340 is high with a severity value of 8.8.
CVE-2022-43340 is a Cross-Site Request Forgery (CSRF) vulnerability in dzzoffice 2.02.1_SC_UTF8 that allows attackers to create user accounts and grant Administrator rights to regular users.
The Dzzoffice software version 2.02.1 is affected by CVE-2022-43340.
An attacker can exploit CVE-2022-43340 by tricking an authenticated user into unknowingly submitting a forged request, which the application then processes as if the user had made it.
References for CVE-2022-43340: [http://dzzoffice.com](http://dzzoffice.com), [https://github.com/zyx0814/dzzoffice](https://github.com/zyx0814/dzzoffice), [https://github.com/zyx0814/dzzoffice/issues/223](https://github.com/zyx0814/dzzoffice/issues/223).