First published: Sun Mar 03 2019(Updated: )
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Popojicms Popojicms | =2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9549 is a vulnerability found in PopojiCMS version 2.0.1 that allows for CSRF attacks via the po-admin/route.php?mod=user&act=addnew URI.
CVE-2019-9549 has a severity rating of 8.8, which is classified as high.
CVE-2019-9549 affects PopojiCMS version 2.0.1.
The CSRF vulnerability in CVE-2019-9549 can be exploited by adding a level=1 account using the po-admin/route.php?mod=user&act=addnew URI.
At the moment, there is no known fix for CVE-2019-9549. It is recommended to update to a newer version of PopojiCMS if available or apply any patches provided by the developer.