CSRF Vulnerability in PHP Scripts Mall Advanced Real Estate Script Product
CVE-2018-15187

8HIGH

Key Information:

Vendor: Advanced Real Estate Script Project
Status: Advanced Real Estate Script
Vendor: CVE Published:; 10 August 2018

🔔 Create Advanced Real Estate Script Project Vulnerability Alert

What is CVE-2018-15187?

The PHP Scripts Mall Advanced Real Estate Script version 4.0.9 is vulnerable to Cross-Site Request Forgery (CSRF) attacks through the edit-profile.php script. This vulnerability allows attackers to exploit user sessions by submitting unauthorized requests on behalf of authenticated users, potentially leading to unauthorized changes in user profiles without their consent. Proper validation and user interaction confirmation mechanisms should be implemented to mitigate this security risk.

References

https://gkaim.com/cve-2018-15187-vikas-chaudhary/

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2018
Vulnerability Reserved
Aug 7, 2018

CVE-2018-15187 Data

JSON