Unpatched Cross-Site Request Forgery Vulnerability in SmodBIP Allows Unauthorized Account Creation

CVE-2023-4837 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SmodBIP is vulnerable to Cross-Site Request Forgery (CSRF), which could be used to induce logged-in users to perform unintended actions, including the creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained, and the vulnerability will not be fixed.