CVE-2018-15844

Name of the Vulnerable Software and Affected Versions DamiCMS version 6.0.0

Description An issue was discovered that allows revision of the administrator account's password via the "API Endpoint: /admin.php?s=/Admin/doedit" due to a CSRF vulnerability.

Recommendations For DamiCMS version 6.0.0, consider disabling access to the /admin.php?s=/Admin/doedit endpoint until a patch is available to prevent exploitation of the CSRF vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.