CSRF Vulnerability in Knowage (formerly SpagoBI) 6.1.1 via Every Form

CSRF Vulnerability in Knowage (formerly SpagoBI) 6.1.1 via Every Form

CVE-2018-12354 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.

Learn more about our Web Application Penetration Testing UK.