CVE-2019-16719

Name of the Vulnerable Software and Affected Versions WTCMS version 1.0

Description The issue allows for a CSRF attack with resultant XSS via the index.php endpoint, specifically when accessing the g=admin&m=index&a=index parameters. This can lead to unauthorized actions being performed on the application.

Recommendations For WTCMS version 1.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. Additionally, ensure that user input is properly sanitized to prevent XSS attacks. As a temporary workaround, restrict access to the index.php?g=admin&m=index&a=index endpoint until a proper fix is implemented.