The SMBVR is focused exclusively on detecting any significant vulnerabilities that an attacker could exploit from the outside.

The focus of the research was to detect any significant vulnerabilities in a SMB’s website, software or application exposed to the Internet and visible and accessible to an attacker.


The purpose of the SMBVR is to educate SMBs on significant vulnerabilities and how best to mitigate the risks cost-effectively and promptly, so SMBs can stay proactive and one step ahead of attackers and continue to grow and succeed.

This vulnerability is caused from weaknesses that allow an attacker to force a user to submit a malicious request unknowingly when the user is authenticated to the website so the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim, to cause a state change on the server, such as changing the victim’s password, and using the access to steal data or install ransomware.

SMBVR Media Coverage