PT-2019-6077 · Aik · Aikcms
Richard1266 · Published 2019-04-29 · Updated 2021-08-17 · CVE-2020-18464
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
AikCms version 2.0.0
Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the video list.php file. It can allow a malicious user to delete movie information, and it can be exploited by a remote attacker.
Recommendations
For AikCms version 2.0.0, consider disabling access to the video list.php file until a patch is available to prevent exploitation of the CSRF vulnerability. Restricting the functionality related to deleting movie information can also help minimize the risk.
CSRF
Affected Products
Aikcms