Vulnerability Information
Vulnerability Title
The disqualify lead action may be executed without CSRF token check
Vulnerability Description
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability that allows an attacker to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
OroCrm Cross-Site Request Forgery Vulnerability
Vulnerability Description
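OroCrm is an open source customer relationship management (CRM) application from Oro, a US company. It is used to create a 360° view of customers across multiple channels, organize sales pipelines, manage account and contact information, communicate with customers, run marketing campaigns, and track campaign performance. OroCRM contains a security vulnerability that an attacker can exploit to carry out a cross-site request forgery (CSRF) attack.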
CVSS Information
N/A
Vulnerability Type
N/A