CVE-2018-16338

Name of the Vulnerable Software and Affected Versions AuraCMS version 2.3

Description An issue was discovered that allows a CSRF vulnerability, enabling an attacker to change the administrator's password via the "admin.php?mod=users" endpoint and subsequently add a page or menu, or submit a topic.

Recommendations For AuraCMS version 2.3, as a temporary workaround, consider restricting access to the "admin.php?mod=users" endpoint until a patch is available. Additionally, restrict the ability to add pages, menus, or submit topics to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.