CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
• https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md
• https://www.patec.cn/newsshow.php?cid=24&id=123
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
• https://github.com/chshcms/cscms/issues/1
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
• https://github.com/chshcms/cscms/issues/2
• CWE-352: Cross-Site Request Forgery (CSRF)