CVE-2018-19291

Published November 15th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

5.8

MEDIUM

Affected

PROJECT

Description

An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.

chekun/DiliCMS

DiligentCMS

GitHub

191