CVE-2018-11003

Name of the Vulnerable Software and Affected Versions YXcms version 1.4.7

Description A cross-site request forgery issue allows remote attackers to delete administrator accounts. The issue is related to the "index.php?r=admin/admin/admindel" endpoint, specifically in the protected/apps/admin/controller/adminController.php file.

Recommendations For YXcms version 1.4.7, as a temporary workaround, consider restricting access to the "adminController.php" file or the "index.php?r=admin/admin/admindel" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.