What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows SQL Injection. This issue affects occupancyplan: from n/a through <= 1.0.3.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
OccupancyPlan versions 1.0.3.0 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in user, performs unwanted actions on the user's behalf. The attack requires the victim to visit the attacker's page while authenticated. This can result in unauthorized changes and potential service disruption.
What an attacker can do
Perform unwanted actions on behalf of a logged-in user, such as modifying settings or data.
Potential impact on your site
Users' accounts can be manipulated to make unauthorized changes without their knowledge or consent.
Conditions required to exploit
Victim must be logged in and visit an attacker-controlled webpage.