CSRF Vulnerability in Eventum 3.5.0 Allows Unauthorized Creation of Admin User

CSRF Vulnerability in Eventum 3.5.0 Allows Unauthorized Creation of Admin User

CVE-2018-12628 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.

Learn more about our User Device Pen Test.