CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16448
https://notcve.org/view.php?id=CVE-2018-16448
04 Sep 2018 — Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. Cscms 4 permite Cross-Site Request Forgery (CSRF) al crear un miembro mediante upload/admin.php/user/save; autenticar miembros VIP mediante upload/admin.php/user/init/tid y upload/admin.php/user/init/rzid y crear un super administrador y editor web mediante ... • https://github.com/chshcms/cscms/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16337
https://notcve.org/view.php?id=CVE-2018-16337
02 Sep 2018 — An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. Se ha descubierto un problema en Cscms V4.1.8. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede modificar la configuración básica de un sitio web mediante upload/admin.php/setting/save. • https://github.com/chshcms/cscms/issues/2 • CWE-352: Cross-Site Request Forgery (CSRF) •