PT-2018-13574 · Frog Cms · Frog Cms

Furykangaroo · Published 2018-09-04 · Updated 2019-02-25 · CVE-2018-16447

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Frog CMS version 0.9.5

Description: The issue is a CSRF vulnerability in the admin interface, specifically affecting the "user/edit/1" endpoint. It could allow unauthorized actions to be performed on user accounts when an authenticated administrator is induced to submit a forged request.

Recommendations: For Frog CMS version 0.9.5, implement proper CSRF token validation to reject unauthorized requests to the "admin/?/user/edit/1" endpoint. As a temporary workaround, restrict access to this endpoint until a proper fix is applied.

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2018-16447

Affected Products: Frog Cms