CVE-2023-0480
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator’s account. This is possible because the application is vulnerable to CSRF.
Date published : 2023-04-04
https://fluidattacks.com/advisories/sharp/