CVE-2018-16431

admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
References
Link Resource
http://hpdoger.me/2018/08/23/Csrf%20in%20YFCMF%203.0/ Exploit Third Party Advisory URL Repurposed
http://hpdoger.me/2018/08/23/Csrf%20in%20YFCMF%203.0/ Exploit Third Party Advisory URL Repurposed
Configurations

Configuration 1 (hide)

cpe:2.3:a:yfcmf:yfcmf:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:52

Type Values Removed Values Added
References () http://hpdoger.me/2018/08/23/Csrf%20in%20YFCMF%203.0/ - Exploit, Third Party Advisory, URL Repurposed () http://hpdoger.me/2018/08/23/Csrf%20in%20YFCMF%203.0/ - Exploit, Third Party Advisory, URL Repurposed

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://hpdoger.me/2018/08/23/Csrf%20in%20YFCMF%203.0/ - Exploit, Third Party Advisory () http://hpdoger.me/2018/08/23/Csrf%20in%20YFCMF%203.0/ - Exploit, Third Party Advisory, URL Repurposed

Information

Published : 2018-09-04 00:29

Updated : 2024-11-21 03:52


NVD link : CVE-2018-16431

Mitre link : CVE-2018-16431

CVE.ORG link : CVE-2018-16431


JSON object : View

Products Affected

yfcmf

  • yfcmf
CWE
CWE-352

Cross-Site Request Forgery (CSRF)