2 matches found
CVE-2018-10503
Affected software: baijiacms V4 (build v4_1_4_20170105). Vulnerability type: Cross‑site request forgery (CSRF). Root cause / vector: CSRF in index.php enables manipulation via the op parameter (op=edituser, op=changepwd, op=deleteuser). This allows an attacker to add an administrator account, cha...
CVE-2018-10503
An issue was discovered in index.php in baijiacms V4 v41420170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser...