PT-2018-13533 · Ogma · Ogma Cms

Published: 2018-09-03 · Updated: 2019-09-23 · CVE-2018-16380

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ogma CMS version 0.4 Beta

Description

A CSRF issue was found in the "users.php?action=createnew" API endpoint, allowing the creation of an admin account.

Recommendations

For Ogma CMS version 0.4 Beta, consider restricting access to the "users.php?action=createnew" endpoint until a fix is available. As a temporary workaround, disabling the createnew action in the users.php file may help mitigate the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-16380

Affected Products

Ogma Cms