CVE-2018-12603

Name of the Vulnerable Software and Affected Versions LFCMS version 3.7.0

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of users for requests that add administrator users via the s parameter.

Recommendations For LFCMS version 3.7.0, as a temporary workaround, consider restricting access to the admin.php file until a patch is available. Avoid using the s parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.