CSRF Vulnerability in CmsEasy Product by CmsEasy
CVE-2018-11679

8.8HIGH

Key Information:

Vendor

Cmseasy

Status
Cmseasy
Vendor
CVE Published:
2 June 2018

What is CVE-2018-11679?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in CmsEasy version 6.1_20180508. This flaw allows attackers to exploit the application's functionality to add arbitrary articles via a crafted request to the endpoint '/index.php?case=table&act=add&table=archive&admin_dir=admin'. Proper access controls are not in place, making it crucial for users and administrators of CmsEasy to implement security measures to protect against unauthorized article submissions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.8sec.cc/archives/619
x_refsource_MISC
http://www.8sec.cc/cmseasy_addarticle.txt
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.