An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
References
Link | Resource |
---|---|
https://github.com/gosea/xyhcms/issues/1 | Broken Link Third Party Advisory |
https://github.com/gosea/xyhcms/issues/1 | Broken Link Third Party Advisory |
Configurations
History
21 Nov 2024, 03:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gosea/xyhcms/issues/1 - Broken Link, Third Party Advisory |
Information
Published : 2018-04-16 15:29
Updated : 2024-11-21 03:40
NVD link : CVE-2018-10127
Mitre link : CVE-2018-10127
CVE.ORG link : CVE-2018-10127
JSON object : View
Products Affected
xyhcms_project
- xyhcms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)