CSRF Vulnerability in GROWI v3.4.6 and Earlier: Administrator Authentication Hijacking via 'Basic Info' Update

CVE-2019-5968 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators by updating a user's 'Basic Info'.
