PT-2018-13533 · Ogma · Ogma Cms
Publicado
2018-09-03
·
Atualizado
2019-09-23
·
CVE-2018-16380
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ogma CMS version 0.4 Beta
Description
A CSRF issue was found in the "users.php?action=createnew" API endpoint, allowing the creation of an admin account.
Recommendations
For Ogma CMS version 0.4 Beta, consider restricting access to the "users.php?action=createnew" endpoint until a fix is available. As a temporary workaround, disabling the
createnew action in the users.php file may help mitigate the risk of exploitation.Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ogma Cms