Vulnerabilities > Project Hashtopussy

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-27	CVE-2017-11681	Improper Privilege Management vulnerability in Project Hashtopussy Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. network low complexity project-hashtopussy CWE-269	6.5
2017-07-27	CVE-2017-11680	Cross-Site Request Forgery (CSRF) vulnerability in Project Hashtopussy Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. network project-hashtopussy CWE-352	6.8

Vulnerabilities > Project Hashtopussy {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Project Hashtopussy"}]}