CSRF Vulnerability in GROWI v3.4.6 and Earlier: Administrator Authentication Hijacking via 'Basic Info' Update
CVE-2019-5968 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'.
Learn more about our User Device Pen Test.