CVE-2019-9926

Published October 29th, 2019

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.

RhinoSecurityLabs/CVEs

Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs

GitHub

897