CVE-2018-19192

Name of the Vulnerable Software and Affected Versions XiaoCms version 20141229

Description An issue was discovered in XiaoCms, where the API endpoint "admin/index.php?c=content&a=add&catid=3" is vulnerable to CSRF attacks. This can be exploited by entering news via the data[content] parameter.

Recommendations For XiaoCms version 20141229, as a temporary workaround, consider restricting access to the "admin/index.php?c=content&a=add&catid=3" endpoint to minimize the risk of exploitation. Avoid using the data[content] parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.