CVE-2020-10229

HIGH

Vtenext - CSRF

Title source: rule

Description

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.

Exploits (1)

exploitdb WORKING POC

by Marco Ruela · pythonwebappsmultiple

https://www.exploit-db.com/exploits/48804

View Code ZIP pw:eip

References (3)

[Product, Third Party Advisory] https://sourceforge.net/projects/vtecrm/

[Product, Vendor Advisory] https://vtenext.com/en/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48804

Scores

CVSS v3 8.8

EPSS 0.0040

EPSS Percentile 60.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

vtenext/vtenext 19

Published Sep 14, 2020

Tracked Since Feb 18, 2026