Westbrookadmin

#9852of 53,622
28Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2018-13235
8.8
2018-08-25
Fledrcms · Fledrcms · CVE-2018-15846
**Name of the Vulnerable Software and Affected Versions** fledrCMS versions prior to 2014-02-03 **Description** An issue was discovered that allows a CSRF vulnerability to change the administrator's password. This can be done via the "index.php?p=done&savedata=1" endpoint. **Recommendations** For versions prior to 2014-02-03, as a temporary workaround, consider restricting access to the `index.php?p=done&savedata=1` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13236
6.1
2018-08-25
Puppycms · Puppycms · CVE-2018-15847
**Name of the Vulnerable Software and Affected Versions** puppyCMS version 5.1 **Description** An issue was discovered in the software, where there is a potential for XSS via the `menu.php` file in the "Add Page/URL" URL link field. **Recommendations** For puppyCMS version 5.1, consider restricting access to the `menu.php` file or the "Add Page/URL" feature until a fix is available. As a temporary workaround, avoid using the "Add Page/URL" URL link field in `menu.php` to minimize the risk of exploitation.
PT-2018-13237
8.8
2018-08-25
Portfoliocms · Portfoliocms · CVE-2018-15848
**Name of the Vulnerable Software and Affected Versions** portfolioCMS version 1.0.5 **Description** An issue was discovered that allows CSRF to create new pages. This can be done via the "admin/portfolio.php?newpage=true" endpoint. **Recommendations** For portfolioCMS version 1.0.5, consider implementing CSRF protection measures to prevent unauthorized creation of new pages, such as validating tokens or headers to ensure requests are legitimate. As a temporary workaround, restrict access to the "admin/portfolio.php?newpage=true" endpoint to minimize the risk of exploitation.
PT-2018-13238
4.3
2018-08-25
Portfoliocms · Portfoliocms · CVE-2018-15849
**Name of the Vulnerable Software and Affected Versions** portfolioCMS version 1.0.5 **Description** An issue was discovered that allows CSRF to update the website settings via the "admin/aboutus.php" endpoint. **Recommendations** For portfolioCMS version 1.0.5, consider implementing CSRF protection measures to prevent unauthorized updates to website settings. As a temporary workaround, restrict access to the "admin/aboutus.php" endpoint until a patch is available.