CVE-2020-20593
Severity: HIGH
WAF Coverage: Low
CVSS 8.0
Published: 2021-12-22
CWE-352
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| rockoa | rockoa | 1.9.8 |
References
- www.rockoa.com (Broken Link, Product)
- github.com (Exploit, Issue Tracking, Third Party Advisory)