PT-2018-9924 · Baijia · Baijiacms

Published 2018-04-27 · Updated 2019-12-03 · CVE-2018-10503

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: baijiacms V4 version v4_1_4_20170105
Description: index.php is vulnerable to CSRF, allowing an attacker to perform unauthorized actions in the context of a logged-in administrator, such as adding an administrator account via "op=edituser", changing the administrator password via "op=changepwd", or deleting an account via "op=deleteuser".
Recommendations: For baijiacms V4 version v4_1_4_20170105, implement CSRF protection: validate the origin of state-changing requests and ensure that sensitive operations such as adding, modifying, or deleting accounts require proper authentication and authorization.

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2018-10503

Affected Products: Baijiacms