Cross-Site Request Forgery in Online Ticket Booking Software from Vendor
CVE-2018-5073

6.8MEDIUM

Key Information:

Vendor

Advanced Real Estate Script Project

Status
Advanced Real Estate Script
Vendor
CVE Published:
3 January 2018

What is CVE-2018-5073?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the admin/movieedit.php component of Online Ticket Booking Software. This vulnerability allows an attacker to trick an administrator into executing unwanted actions on a vulnerable application while being authenticated. Exploiting this flaw could potentially compromise sensitive transactions and alter important configurations without the user's consent. It is crucial for administrators to implement security measures, such as anti-CSRF tokens, to mitigate these risks.

References

https://github.com/d4wner/Vulnerabilities-Report/blob/mas...
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.