CVE-2018-8908

Name of the Vulnerable Software and Affected Versions Frog CMS version 0.9.5

Description The issue is related to the lack of an anti-CSRF token in state modification requests, specifically in the "add user" functionality. This allows a malicious user to craft an HTML page that can trick a victim into creating a new user with admin privileges when clicked. The vulnerable endpoint is "/admin/?/user/add".

Recommendations For Frog CMS version 0.9.5, consider implementing an anti-CSRF token in state modification requests to prevent cross-site request forgery attacks. As a temporary workaround, restrict access to the "/admin/?/user/add" endpoint to minimize the risk of exploitation.