Cross-Site Request Forgery in FUEL CMS by Daylight Studio
CVE-2018-16416

8.8HIGH

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 3 September 2018

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2018-16416?

A security vulnerability exists in FUEL CMS 1.4 that allows remote attackers to execute unauthorized actions by leveraging a Cross-Site Request Forgery (CSRF) flaw. By manipulating user sessions, attackers may change the administrator's password without proper authentication. This vulnerability highlights the necessity for comprehensive protection against CSRF attacks to ensure the integrity of user accounts.

References

http://www.iwantacve.cn/index.php/archives/48/

x_refsource_MISC

https://github.com/daylightstudio/FUEL-CMS/issues/481

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 3, 2018

CVE-2018-16416 Data

JSON