31 Mar 2018
CVE-2018-8908 - CVE Vulnerability
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. (CVSS:0.0) (Last Update:2018-03-31)
Vulnerability Details : An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. Publish Date : 2018-03-31 Last Update Date : 2018-03-31 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2018-8908
- References For CVE-2018-8908
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2018-8908There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |