CVE-2018-11018

Name of the Vulnerable Software and Affected Versions PbootCMS version 1.0.7

Description A cross-site request forgery (CSRF) issue allows remote attackers to add administrator accounts. This is possible due to a vulnerability in the RoleController.php file, specifically when accessing the "admin.php/role/add.html" endpoint.

Recommendations For PbootCMS version 1.0.7, as a temporary workaround, consider disabling the admin.php/role/add.html endpoint until a patch is available. Restrict access to the RoleController.php file to minimize the risk of exploitation. Avoid using the admin.php/role/add.html endpoint until the issue is resolved.