CVE-2023-0480

Publication date

2023-04-04 00:00:00

Family

Fluid Attacks

State

PUBLISHED

Description

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrators account. This is possible because the application is vulnerable to CSRF.