2 matches found
CVE-2018-12603
Cross-site request forgery CSRF vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114...
CVE-2018-12603
CVE-2018-12603 affects LFCMS 3.7.0: a Cross-Site Request Forgery in admin.php via the s parameter allows remote attackers to hijack user authentication and add an administrator account. The issue enables adding admin accounts without user consent, as described in CVE-2018-12114 related disclosure...