PT-2018-13505 · Easycms · Easycms

Sdrac0Nids

Published

2018-09-02

Updated

2018-11-13

CVE-2018-16345

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EasyCMS version 1.5

Description An issue was discovered that allows for a CSRF vulnerability, enabling the update of the admin password. This is achieved via the index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent endpoint, by exploiting the lack of proper CSRF protection.

Recommendations For EasyCMS version 1.5, consider implementing proper CSRF protection mechanisms to prevent unauthorized updates to the admin password, such as validating tokens for requests made to the index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent endpoint.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-16345

Affected Products

Easycms

PT-2018-13505 · Easycms · Easycms

CVE-2018-16345

Weakness Enumeration

Related Identifiers

Affected Products

References · 3