CVE-2018-9856

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
References
Link Resource
https://github.com/Kotti/Kotti/issues/551 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:kotti_project:kotti:2.0.0b1:*:*:*:*:*:*:*
cpe:2.3:a:kotti_project:kotti:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:kotti_project:kotti:*:*:*:*:*:*:*:*

Information

Published : 2018-04-09 07:29

Updated : 2018-05-15 02:20


NVD link : CVE-2018-9856

Mitre link : CVE-2018-9856

Products Affected
No products.
CWE