CVE-2013-6826

Description

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt
• http://www.securityfocus.com/bid/63663
• http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt
• http://www.securityfocus.com/bid/63663

CWEs

CWE-352