First published: Sat Nov 17 2018
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
S-cms S-cms | =1.5 | |
The severity of CVE-2018-19332 is high.
S-CMS version 1.5 is affected by CVE-2018-19332.
CVE-2018-19332 is associated with CWE ID 352.
An attacker can exploit CVE-2018-19332 by getting an authenticated administrator's browser to send a specially crafted request to the admin/ajax.php?type=member&action=add URI, which adds a new user.
A proof of concept is available for CVE-2018-19332 at the following link: [https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html](https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html)