CVE-2022-43340: CSRF
First published: Thu Oct 27 2022(Updated: )
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dzzoffice Dzzoffice | =2.02.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-43340?
The severity of CVE-2022-43340 is high with a severity value of 8.8.
What is CVE-2022-43340?
CVE-2022-43340 is a Cross-Site Request Forgery (CSRF) vulnerability in dzzoffice 2.02.1_SC_UTF8 that allows attackers to create user accounts and grant Administrator rights to regular users.
What software is affected by CVE-2022-43340?
The Dzzoffice software version 2.02.1 is affected by CVE-2022-43340.
How can an attacker exploit CVE-2022-43340?
An attacker can exploit CVE-2022-43340 by tricking a user into performing certain actions without their consent or knowledge.
Are there any references for CVE-2022-43340?
Yes, you can find references for CVE-2022-43340 at the following links: [http://dzzoffice.com](http://dzzoffice.com), [https://github.com/zyx0814/dzzoffice](https://github.com/zyx0814/dzzoffice), [https://github.com/zyx0814/dzzoffice/issues/223](https://github.com/zyx0814/dzzoffice/issues/223).
- collector/nvd-index
- vendor/dzzoffice
- canonical/dzzoffice dzzoffice
- version/dzzoffice dzzoffice/2.02.1