← volver
CVE-2018-25200

OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

CVSS 6.9 MEDIUMEPSS 0.2%CWE-352
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Productos afectados
Zsoft · OOP CMS BLOG

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/45794https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp