CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Dec 2021 — An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. • https://github.com/chshcms/cscms/issues/5 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Sep 2018 — Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating VIP members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. • https://github.com/chshcms/cscms/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF)