CVE-2022-23904

HIGH

Rainworx Auctionworx < 3.1R2 - CSRF


Description

Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade their account to admin and gain access to the AuctionWorx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.

References (2)

Core References
Vendor Advisory x_refsource_misc
https://www.rainworx.com/

Scores

CVSS v3 8.0
EPSS 0.0043
EPSS Percentile 34.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
rainworx/auctionworx < 3.1 (2 CPE variants)
Published May 02, 2022
Tracked Since Feb 18, 2026