CSRF Vulnerability in Quadbase EspressReports ES 7 Update 9 Allows Unauthorized File Upload

CSRF Vulnerability in Quadbase EspressReports ES 7 Update 9 Allows Unauthorized File Upload

CVE-2020-24984 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.

Learn more about our Web App Pen Testing.