CSRF Vulnerability in wger Workout Manager 2.2.0a3 Allows Remote Privilege Escalation

CSRF Vulnerability in wger Workout Manager 2.2.0a3 Allows Remote Privilege Escalation

CVE-2023-38759 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

Learn more about our User Device Pen Test.