Arbitrary Administrator Account Addition Vulnerability in nbnbk's Add Administrator Function

Arbitrary Administrator Account Addition Vulnerability in nbnbk's Add Administrator Function

CVE-2022-46491 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.

Learn more about our Web Application Penetration Testing UK.