Cross-Site Request Forgery (CSRF) Vulnerability in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0

Cross-Site Request Forgery (CSRF) Vulnerability in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0

CVE-2018-5329 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

Learn more about our Web App Pen Testing.