CSRF in Fortinet FortiAnalyzer-1000D

CVE-2013-6826

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.004 (61.9th percentile)
