CVE-2022-43340 — HIGH (8.8)

Vulnerability Description

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dzzoffice	Dzzoffice	2.02.1

Related Weaknesses (CWE)

CWE-352

References

http://dzzoffice.comProduct
https://github.com/zyx0814/dzzofficeThird Party Advisory
https://github.com/zyx0814/dzzoffice/issues/223ExploitIssue TrackingThird Party Advisory
http://dzzoffice.comProduct
https://github.com/zyx0814/dzzofficeThird Party Advisory
https://github.com/zyx0814/dzzoffice/issues/223ExploitIssue TrackingThird Party Advisory

FAQ

What is CVE-2022-43340?

CVE-2022-43340 is a vulnerability with a CVSS score of 8.8 (HIGH). A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.

How severe is CVE-2022-43340?

CVE-2022-43340 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43340?

Check the references section above for vendor advisories and patch information. Affected products include: Dzzoffice Dzzoffice.