CVE-2019-13949

HIGH

SyGuestBook A5 1.2 - Cross-Site Request Forgery via Password Change

Title source: llm
STIX 2.1

Description

SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change.

Scores

CVSS v3 8.8
EPSS 0.0067
EPSS Percentile 47.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
syguestbook_a5_project/syguestbook_a5 1.2
Published Jul 18, 2019
Tracked Since Feb 18, 2026