CVE-2020-24739

Published September 10th, 2020

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.

idreamsoft/iCMS

iCMS 是一套采用 PHP 和 MySQL 构建的高效简洁的内容管理系统,为您的网站提供一个完美的开源解决方案

GitHub