2 matches found
CVE-2018-16732
CVE-2018-16732 affects CScms 4.1. The flaw is in \upload\plugins\sys\admin\Setting.php, enabling CSRF via admin.php/setting/ftp_save. CVSS data: v2 base 6.8 (NETWORK, no auth, partial CIA/I/A), and CVSSv3 base 8.8 (NETWORK, UI REQUIRED, HIGH impact on Confidentiality, Integrity, Availability). Co...
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...