CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote malicious users to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
quadbase espressreport enterprise server 7.0 |