CVE-2018-10267

WTCMS 1.0 has a CSRF vulnerability that allows an administrator account to be added via the index.php?admin&m=user&a=add_post URI.
References
Link | Resource
https://github.com/taosir/wtcms/issues/1 | Third Party Advisory
https://www.hackpwn.me/2018/04/21/1/ | Exploit, Third Party Advisory, URL Repurposed
Configurations

Configuration 1

cpe:2.3:a:wtcms_project:wtcms:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:41

Type | Values Removed | Values Added
References | () https://github.com/taosir/wtcms/issues/1 - Third Party Advisory | () https://github.com/taosir/wtcms/issues/1 - Third Party Advisory
References | () https://www.hackpwn.me/2018/04/21/1/ - Exploit, Third Party Advisory, URL Repurposed | () https://www.hackpwn.me/2018/04/21/1/ - Exploit, Third Party Advisory, URL Repurposed

14 Feb 2024, 01:17

Type | Values Removed | Values Added
References | (MISC) https://www.hackpwn.me/2018/04/21/1/ - Exploit, Third Party Advisory | (MISC) https://www.hackpwn.me/2018/04/21/1/ - Exploit, Third Party Advisory, URL Repurposed

Information

Published : 2018-04-22 01:29

Updated : 2024-11-21 03:41


NVD link : CVE-2018-10267

Mitre link : CVE-2018-10267

CVE.ORG link : CVE-2018-10267



Products Affected

wtcms_project

  • wtcms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)