CVE-2016-20054

Name of the Vulnerable Software and Affected Versions Nodcms (affected versions not specified)

Description A cross-site request forgery issue allows attackers to perform unauthorized administrative actions by crafting malicious forms. Authenticated administrators can be tricked into submitting requests to the "/admin/user manipulate" and "/admin/settings/generall" endpoints, enabling the creation of users or the modification of application settings without explicit consent.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.