CVE-2018-11018

An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.

Published : 2018-05-13 22:29 Updated : 2018-06-18 13:41

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Pbootcms Pbootcms 1.0.7 cpe:/a:pbootcms:pbootcms:1.0.7
  1. Pbootcms (1) Search CVE
    1. Pbootcms (1) Search CVE
      1. 1.0.7

CWE

ID Name Description Links
CWE-352 Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. CVE

History of changes

Date Event
2018-06-18 13:41
2018-05-13 22:29

New CVE