CVE-2018-19511

MEDIUM

Webgalamb 7.0 - Cross-Site Request Forgery via wg7.php

Title source: llm
STIX 2.1

Description

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.

References (2)

Core 2
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Jan/15

Scores

CVSS v3 6.5
EPSS 0.0073
EPSS Percentile 49.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
ens/webgalamb 7.0
Published Mar 21, 2019
Tracked Since Feb 18, 2026