Report an incident
Report an incident

Vulnerability in SmodBIP software
10 October 2023 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2023-4837
Publication date 10 October 2023
Vendor Jan Syski
Product SmodBIP
Vulnerable versions All
Vulnerability type (CWE) Cross-Site Request Forgery (CWE-352)
Report source Own research


During its own research, CERT Polska has found a CSRF (Cross-Site Request Forgery) vulnerability in SmodBIP software. This could allow a malicious actor to use a higher privileged users to execute unwanted actions under their current authentication when the user enters a specially crafted link.

The weakness has been assigned the number CVE-2023-4837. The product is currently in out-of-support state, which means that no fix should be expected. All versions of the software are believed to be vulnerable as the newest one was tested.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at