Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote malicious users to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sql-ledger sql-ledger 2.8.24 |