Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boxautomation | C2Box | <= 4.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/535861/30/0/threadedExploit
- http://www.securityfocus.com/bid/75569
- https://packetstormsecurity.com/files/132475/C2Box-4.0.0-r19171-Cross-Site-RequeExploit
- https://raw.githubusercontent.com/Siros96/CSRF/master/PoCExploit
- https://www.exploit-db.com/exploits/37447/Exploit
- http://www.securityfocus.com/archive/1/535861/30/0/threadedExploit
- http://www.securityfocus.com/bid/75569
- https://packetstormsecurity.com/files/132475/C2Box-4.0.0-r19171-Cross-Site-RequeExploit
- https://raw.githubusercontent.com/Siros96/CSRF/master/PoCExploit
- https://www.exploit-db.com/exploits/37447/Exploit
FAQ
What is CVE-2015-4460?
CVE-2015-4460 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of adminis...
How severe is CVE-2015-4460?
CVE-2015-4460 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4460?
Check the references section above for vendor advisories and patch information. Affected products include: Boxautomation C2Box.