CVE-2018-19327

Name of the Vulnerable Software and Affected Versions JTBC(PHP) version 3.0.1.7

Description An issue was discovered that allows CSRF in the "aboutus/manage.php" endpoint, specifically when the "type" parameter is set to "action" and the "action" parameter is set to "add".

Recommendations For JTBC(PHP) version 3.0.1.7, consider implementing CSRF protection measures, such as token-based validation, to prevent exploitation of this issue. As a temporary workaround, restrict access to the "aboutus/manage.php" endpoint with the specified parameters to minimize the risk of exploitation.