CVE-2019-25447 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malici…
Medium CVSS: 5.3

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes, manage users, and create functions by sending authenticated requests without token validation, combined with reflected and stored cross-site scripting vulnerabilities in the web interface.
Vendor
Orientdb
Product
Orientdb
CWE
CWE-352
Yayın Tarihi
2026-02-20 23:16:01
Güncelleme
2026-02-24 16:42:59
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-352 Orientdb MEDIUM Orientdb 2026

Referanslar

https://orientdb.dev/ https://www.exploit-db.com/exploits/46517 https://www.vulncheck.com/advisories/orientdb-cross-site-request-forgery