N/A

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.

N/A

N/A

Innovaphone PBX 跨站请求伪造漏洞

Innovaphone PBX是德国Innovaphone公司的一套应用于商业环境中的VoIP电话系统。该系统提供IP电话功能，并集成了统一通信解决方案。 Innovaphone PBX 10.00 sr11及之前版本中存在跨站请求伪造漏洞。远程攻击者可通过发送特制的请求利用该漏洞修改配置或用户账户。

N/A

N/A