CSRF Vulnerability in FrontAccounting 2.4.3 Allows Unauthorized User Account Addition

CSRF Vulnerability in FrontAccounting 2.4.3 Allows Unauthorized User Account Addition

CVE-2018-7176 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

Learn more about our User Device Pen Test.