CVE-2018-7219

Name of the Vulnerable Software and Affected Versions NoneCms version 1.3.0

Description The issue allows for CSRF attacks, which can be used to perform actions such as changing an admin password or adding an account. This can be achieved by sending a request to the "public/index.php/admin/admin/edit.html" endpoint.

Recommendations For NoneCms version 1.3.0, as a temporary workaround, consider implementing CSRF token validation for the "public/index.php/admin/admin/edit.html" endpoint to prevent unauthorized requests. Restrict access to this endpoint to minimize the risk of exploitation.