CVE-2018-19319

Name of the Vulnerable Software and Affected Versions SRCMS version 3.0.0

Description The issue allows for a CSRF attack via the "admin.php?m=Admin&c=gifts&a=update" API endpoint to change goods prices with the privileges of a super administrator.

Recommendations For SRCMS version 3.0.0, as a temporary workaround, consider restricting access to the "admin.php?m=Admin&c=gifts&a=update" endpoint to prevent unauthorized changes to goods prices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.