CVE-2018-10127

An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
References
Link Resource
https://github.com/gosea/xyhcms/issues/1 Broken Link Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:xyhcms_project:xyhcms:3.5:*:*:*:*:*:*:*

Information

Published : 2018-04-16 03:29

Updated : 2018-05-11 06:09


NVD link : CVE-2018-10127

Mitre link : CVE-2018-10127

Products Affected
No products.
CWE