CVE-2018-16314

2018-09-0118:00:00

mitre

www.cve.org

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

References

github.com/idreamsoft/iCMS/issues/35