WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
CPE | Name | Operator | Version |
---|---|---|---|
wampserver | lt | 3.1.9 |