CVE-2013-6826

Fortinet Fortianalyzer Firmware < 5.0.4 - CSRF

Title source: rule

Description

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED

by William Costa · htmlremotehardware

https://www.exploit-db.com/exploits/38824

View Code ZIP pw:eip

References (2)

[Exploit] http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt

[Exploit] http://www.securityfocus.com/bid/63663

Scores

EPSS 0.0041

EPSS Percentile 61.5%

Details

CWE

CWE-352

Status published

Products (7)

fortinet/fortianalyzer-1000d

fortinet/fortianalyzer-2000b

fortinet/fortianalyzer-200d

fortinet/fortianalyzer-3000d

fortinet/fortianalyzer-300d

fortinet/fortianalyzer-4000b

fortinet/fortianalyzer_firmware < 5.0.4

Published Nov 20, 2013

Tracked Since Feb 18, 2026