CVE-2022-46074 - Helmet Store Showroom v1.0 Cross Site Request Forgery Researcher: @yuyudhn Description: Unauthenticated user able to add admin account due to missing CSRF protection at Helmet Store Showroom v1.0. This vulnerability has not been known to be fixed yet. Details: - Software: Helmet Store Showroom - Vendor: orentnom23 - Vulnerable Version: v1.0 - Classification: Cross Site Request Forgery (CSRF) - Required Privilege: Unauthenticated - Publicly Disclosed: 2022-12-14 Proof of Concept: PoC References: - CVE-2022-46074 - CVE.org - CVE-2022-46074 - NIST NVD - CVE-2022-46074 - Tenable Tags: CSRF Categories: CVE Updated: January 19, 2023