An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.
References
Link | Resource |
---|---|
http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44383/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-31T22:00:00
Updated: 2018-04-04T09:57:01
Reserved: 2018-03-21T00:00:00
Link: CVE-2018-8908
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-31T22:29:00.307
Modified: 2018-05-09T18:47:58.303
Link: CVE-2018-8908
JSON object: View
Redhat Information
No data.
CWE