CVE-2018-16345

Published September 2nd, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.

TeamEasy/EasyCMS

cms by thinkphp3.1.3+dwz+bootstrap

GitHub

103