MyT Project Management 1.5.1 CSRF
- by Vince
-
in Blog
-
Hits: 7009
Disclosure date: 8/19/19
CVE-2019-15496
MyT Project Management 1.5.1 and possibly before are affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
Viewing Users:
Malicious page:
Upon phishing the administrator: