First published: Sun May 13 2018(Updated: )
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pbootcms Pbootcms | =1.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-11018.
The severity of CVE-2018-11018 is high.
The affected software version is PbootCMS v1.0.7.
This vulnerability occurs due to a Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php.
Remote attackers can exploit this vulnerability to add administrator accounts via admin.php/role/add.html.