Cross site request forgery (csrf)

2021-07-0816:15:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.

CPENameOperatorVersion
xyhcmseq3.6

CPE	Name	Operator	Version
	xyhcms	eq	3.6

References

www.xyhcms.com/Show/download/id/2/at/0.html

xyhcms.com

github.com/0xyu/PHP_Learning/issues/4