Primary

Context

Teedy Cross-Site Request Forgery Vulnerability Allowing Account Takeover

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Teedy versions through 1.11. This vulnerability allows for account takeover by sending a POST request to the /api/user/admin endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized account access and administrative privileges on the affected Teedy instance.

Reproduction

To reproduce this vulnerability, send a POST request to the /api/user/admin endpoint from a user account that is not an administrator. The request must include the necessary CSRF token to bypass protection mechanisms. If successful, the account will be granted administrative privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Teedy Cross-Site Request Forgery Vulnerability Allowing Account Takeover

Vulnerability

Impact

Reproduction

Affected Products

Sismics Teedy

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating