Description
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/47808
Scores
CVSS v3
8.8
EPSS
0.0017
EPSS Percentile
37.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
homeautomation_project/homeautomation
3.3.2
Published
Apr 27, 2021
Tracked Since
Feb 18, 2026