CVE-2015-4460

Published: 16/07/2015 Updated: 07/12/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box prior to 4.0.0 (r19171) allows remote malicious users to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.

Vulnerable Product

boxautomation c2box

Exploits

Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application Allows adding an Admin User or reset any user's password
Author: Wissam Bashour - Help AG Middle East
Vendor: boxautomation(BAS)
Product: C2Box
Version: All versions below 400(r19171)
Tested Version: Version 400(r19171)
Severity: HIGH
CVE Reference: CVE-2015-4460
...

C2Box version 400 r19171 suffers from a cross-site request forgery vulnerability ...