exploitDog

CVE-2018-10503

Опубликовано: 27 апр. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.

Ссылки

https://github.com/monburan/attack-baijiacmsV4-with-csrf
Exploit
Third Party Advisory
https://github.com/monburan/attack-baijiacmsV4-with-csrf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:baijiacms_project:baijiacms:4_1_4_20170105:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00134

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-mch4-5vr9-8hcf

CVSS3: 8.8

github

больше 3 лет назад

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.

EPSS

Процентиль: 33%

0.00134

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352