CVE-2023-34839

MEDIUM

Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via New User Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34839. PoCs published by sahiloj.

AI-analyzed exploit summary: This repository provides a detailed writeup and steps to reproduce a CSRF vulnerability in Issabel PBX 4.0.0-6, which allows an attacker to escalate privileges by creating a new admin user via a crafted HTML exploit. The PoC includes screenshots and instructions but does not contain executable exploit code.

Description

A Cross-Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a custom CSRF exploit targeting the create new user function in the application.

Exploits (1)

nomisec WRITEUP 5 stars
by sahiloj · poc
https://github.com/sahiloj/CVE-2023-34839

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Issabel issabel-pbx v4.0.0-6
No auth needed
Prerequisites: Admin session active in the same browser · Victim to open the crafted HTML file
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.8
EPSS 0.0052
EPSS Percentile 40.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-352
Status published
Products (1) issabel/pbx 4.0.0-6
Published Jun 27, 2023
Tracked Since Feb 18, 2026