CVE-2018-18449

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
References
Link Resource
https://github.com/w3irdo001/demo/blob/master/3.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:phome:empirecms:7.5:*:*:*:*:*:*:*

Information

Published : 2019-03-07 11:29

Updated : 2019-03-08 12:39


NVD link : CVE-2018-18449

Mitre link : CVE-2018-18449

Products Affected
No products.
CWE