CMS V1.0 Exposed to CSRF Attacks
CVE-2024-48758

Currently unrated

Key Information:

Vendor: dingfanzu
Status: Dingfanzu Cms
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-48758?

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code

References

https://github.com/Yllxx03/CVE/blob/main/CVE-2024-48758/C...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2024