CVE-2018-10185
Published
CVSS v3
N/A
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.
TuziCMS(兔子cms)是基于ThinkPHP3.2框架开发的企业网站管理系统,提供更方便、更安全的WEB应用开发体验,国内PHP+MYSQL 开源建站程序,它具有操作简单、功能强大、稳定性好、扩展性强,二次开发及后期维护方便,可以帮您快速构建起一个强大专业的企业网站。交流官方QQ群:383851010
GitHub