CVE-2019-16721: CSRF
First published: Mon Sep 23 2019(Updated: )
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 5none Nonecms | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for NoneCMS v1.3 CSRF?
The vulnerability ID for NoneCMS v1.3 CSRF is CVE-2019-16721.
What is the severity of CVE-2019-16721?
The severity of CVE-2019-16721 is medium with a severity value of 6.5.
Which software versions are affected by NoneCMS v1.3 CSRF vulnerability?
The vulnerability affects NoneCMS v1.3.0.
How does the NoneCMS v1.3 CSRF vulnerability work?
The vulnerability allows attackers to perform CSRF attacks by exploiting the public/index.php/admin/admin/dele.html endpoint to delete the admin user.
Is there a fix available for the NoneCMS v1.3 CSRF vulnerability?
Currently, there is no known fix for the NoneCMS v1.3 CSRF vulnerability. It is recommended to update to a newer version of the software if available or to implement additional mitigations.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/5none
- canonical/5none nonecms
- version/5none nonecms/1.3.0