CVE-2019-9598

Name of the Vulnerable Software and Affected Versions Cscms version 4.1.0

Description An issue in Cscms allows for a CSRF vulnerability through the admin.php/pay endpoint, potentially enabling an attacker to change the payment account and redirect funds.

Recommendations For Cscms version 4.1.0, as a temporary workaround, consider disabling access to the admin.php/pay endpoint until a patch is available. Restrict the use of the payment account modification feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.