CVE-2018-7219

HIGH

8.8

CVSS Severity Score

EPSS Score0.0880%

EPSS Percentile37.44th

PublishedFeb 19, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.

Affected Platforms (CPE)

📦

5none

Nonecms

= 1.3.0

References & Advisories

🔗 http://foreversong.cn/archives/1081

Related Vulnerabilities

CVE-2018-200629.8

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via ...

CVE-2020-186477.5

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor"...

CVE-2020-186467.5

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.ph...

CVE-2018-60297.5

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of in...