3 matches found
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
WityCMS 0.6.2 - Cross-Site Request Forgery Password Change input type="hidden" name="groupe"...
WityCMS 0.6.2 Cross Site Request Forgery
...
CVE-2018-14029
CVE-2018-14029 : CSRF in the WityCMS 0.6.2 admin/user/edit flow allows an attacker to take over a user account by modifying user data (e.g., email, password). The vulnerability stems from cross-site request forgery in the admin interface, with CVSSv3 base score 8.8 (HIGH) and user interaction req...