Back to CVE List

CVE-2019-25682

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-352
Source
NVD
Vendor
VictorAlagwu
Product
CMSsite

External References

Discussion (0)

Add Comment

No comments yet. Be the first!