Chenrui1896

#8919of 53,632
30.6Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2018-11504
6.5
2018-06-29
Easycms · Easycms · CVE-2018-12971
**Name of the Vulnerable Software and Affected Versions** EasyCMS version 1.3 **Description** The issue allows for CSRF via the "index.php?s=/admin/user/delAll" URI to delete users. **Recommendations** For EasyCMS version 1.3, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized actions like deleting users. As a temporary workaround, restrict access to the "index.php?s=/admin/user/delAll" URI to minimize the risk of exploitation.
PT-2018-11536
8.8
2018-06-29
Wstmall · Wstmall · CVE-2018-13010
**Name of the Vulnerable Software and Affected Versions** WSTMall version 1.9.1 170316 **Description** The issue allows for CSRF via the "index.php?m=Admin&c=Users&a=edit" API endpoint to add a user account. This is achieved by exploiting the lack of proper CSRF protection, allowing an attacker to perform unauthorized actions. **Recommendations** For WSTMall version 1.9.1 170316, as a temporary workaround, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "index.php?m=Admin&c=Users&a=edit" endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2018-11268
8.8
2018-06-19
Akcms · Akcms · CVE-2018-12582
**Name of the Vulnerable Software and Affected Versions** AKCMS version 6.1 **Description** An issue was discovered that allows CSRF to add an admin account via the "/index.php?file=account&action=manageaccounts&job=newaccount" API endpoint. **Recommendations** For AKCMS version 6.1, consider disabling the account management feature until a patch is available to prevent exploitation via the "/index.php?file=account&action=manageaccounts&job=newaccount" endpoint.
PT-2018-11269
6.5
2018-06-19
Akcms · Akcms · CVE-2018-12583
**Name of the Vulnerable Software and Affected Versions** AKCMS version 6.1 **Description** An issue was discovered that allows CSRF to delete an article via an admincp deleteitem action to "index.php". **Recommendations** For AKCMS version 6.1, consider implementing CSRF protection measures to prevent unauthorized deletion of articles, such as validating user requests and ensuring that the deleteitem action is properly authenticated.