CVE-2019-11457

HIGH

MicroPyramid Django CRM 0.2.1 - CSRF

Title source: llm
STIX 2.1

Description

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.netsparker.com/blog/web-security/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Aug/30

Scores

CVSS v3 8.8
EPSS 0.0115
EPSS Percentile 63.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
micropyramid/django_crm 0.2.1
pypi/django-crm 0PyPI
Published Aug 27, 2019
Tracked Since Feb 18, 2026