An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.

Published: 2018-03-31 22:29
Updated: 2018-05-09 18:47

CVSS Score: 6.8 / 10
| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Frog Cms Project | Frog Cms | 0.9.5 | cpe:/a:frog_cms_project:frog_cms:0.9.5 |

| ID | Name | Description |
| --- | --- | --- |
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |

History of changes

Date Event
2018-05-09 18:47
2018-04-05 01:29
2018-03-31 22:29