PT-2019-19254 · Wtcms · Wtcms

Assassins-White · Published 2019-02-18 · Updated 2019-02-19 · CVE-2019-8910

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0

Description: An issue was discovered that allows a CSRF attack through the "index.php?g=admin&m=setting&a=site_post" endpoint, specifically targeting the site post action within the setting module of the admin interface.

Recommendations: For WTCMS version 1.0, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized requests to the "index.php?g=admin&m=setting&a=site_post" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.

CSRF

Weakness Enumeration

Related Identifiers: CVE-2019-8910

Affected Products: Wtcms