First published: Mon Dec 17 2018
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.4.3 | |
CVE-2018-20188 refers to a vulnerability in FUEL CMS 1.4.3 that allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks to add an administrator account.
CVE-2018-20188 has a severity rating of 8.8, which is considered high.
CVE-2018-20188 affects FUEL CMS 1.4.3, allowing an attacker to perform CSRF attacks via the users/create/ endpoint.
To fix CVE-2018-20188, it is recommended to update FUEL CMS to a version that includes a patch for this vulnerability.
Additional information about CVE-2018-20188 is available at the reference link: https://github.com/m3lon/CVE/blob/master/CSRF/FUELCMS%20CSRF.md