CVE-2018-16448

Published September 4th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

chshcms/cscms

基于CI框架开发的一套多元化产品

GitHub