CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-8908

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html
https://www.exploit-db.com/exploits/44383/
http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html
https://www.exploit-db.com/exploits/44383/

Products affected by CVE-2018-8908

Frog Cms Project » Frog Cms » Version: 0.9.5

cpe:2.3:a:frog_cms_project:frog_cms:0.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8908

Products

Pricing

Contact Us