2 matches found
Creditwest Bank CMS Project Cross-Site Request Forgery Vulnerability
The Creditwest Bank CMS Project aka CWCMS is a content management system CMS. A cross-site request forgery vulnerability exists in the Website Configuration Update feature in Creditwest Bank CMS Project 2017-07-28 and prior releases. A remote attacker can exploit this vulnerability to inject...
Cross site request forgery (csrf)
Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...