CSRF Vulnerability in Neoflex Video Subscription System Affects Payment Settings
CVE-2020-22273

6.5MEDIUM

Key Information:

Vendor: Creativeitem
Status: Neoflex Video Subscription System
Vendor: CVE Published:; 4 November 2020

🔔 Create Creativeitem Vulnerability Alert

What is CVE-2020-22273?

The Neoflex Video Subscription System Version 2.0 suffers from a Cross-Site Request Forgery (CSRF) vulnerability. This flaw potentially allows unauthorized users to change sensitive website settings, including crucial payment configurations. Exploiting this vulnerability could lead to financial losses and affect the integrity of the subscription service. It is essential for users and administrators to be aware of this risk and implement appropriate security measures.

References

https://uploadboy.com/v630a7smyykc/539/mp4

x_refsource_MISC

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2020
Vulnerability Reserved
Aug 13, 2020