CVE-2018-16365
CVE-2018-16365 : In idreamsoft iCMS v7.0.10, the admincp.php?app=group&do=save endpoint is vulnerable to Cross-Site Request Forgery (CSRF). The CNVD entry notes this CSRF can be exploited to add an administrator account, indicating a real impact vector affecting CMS login/privilege management. Af...