CVE-2017-8930

HIGH

Simple Invoices 2013.1.beta.8 - CSRF

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/simpleinvoices/simpleinvoices/issues/270

Scores

CVSS v3 8.8
EPSS 0.0072
EPSS Percentile 49.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
simpleinvoices/simple_invoices 2013.1 beta8
Published May 14, 2017
Tracked Since Feb 18, 2026