CVE-2018-16732

Name of the Vulnerable Software and Affected Versions CScms version 4.1

Description The issue concerns a CSRF vulnerability in the Setting.php file within the CScms software. This vulnerability can be exploited via the "admin.php/setting/ftp save" endpoint.

Recommendations For CScms version 4.1, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests to the "admin.php/setting/ftp save" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.