CVE-2023-0480 Information

Description

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator’s account. This is possible because the application is vulnerable to CSRF.

Reference

https://fluidattacks.com/advisories/sharp/ https://vitalpbx.com/