CVE-2018-10185

An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call...

CVE-2018-10185

CVE-2018-10185 affects TuziCMS v2.0.6. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can add an administrator account, demonstrated via a history.pushState call. Impact/summary: attacker-triggered CSRF can escalate to admin rights on affected deployments. The Red Hat and CNV...