CVE-2018-18735
CVE-2018-18735 describes a cross-site request forgery in Catfish Blog 2.0.33, specifically in the admin/Index/tiquan functionality. The CVE entry notes a CSRF vulnerability that could allow an attacker to affect user roles (e.g., change user type) given the documented access path. From the initia...