Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NArtica Integria Ims
APPArtica5.0.83
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2021-3832CRITICAL9.8ten sam produkt
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An ...
CVE-2021-3833CRITICAL9.8ten sam produkt
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by th...
CVE-2019-15091CRITICAL9.8ten sam produkt
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arb...
CVE-2018-1000812HIGH8.1ten sam produkt
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Rec...
CVE-2021-3834MEDIUM5.4ten sam produkt
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An att...