PT-2018-9764 · Idreamsoft · Icms
Publicado
2018-04-19
·
Atualizado
2018-05-22
·
CVE-2018-10222
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
idreamsoft iCMS version 7.0
Description:
A CSRF issue was found that can be exploited to add a Column via the "/admincp.php?app=article category&do=save&frame=iPHP" API endpoint.
Recommendations:
For idreamsoft iCMS version 7.0, as a temporary workaround, consider restricting access to the "/admincp.php?app=article category&do=save&frame=iPHP" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Icms