2 matches found
Cross site request forgery (csrf)
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935...
CVE-2018-18935
PopojiCMS v2.0.1 is affected by a Cross-Site Request Forgery vulnerability. The issue arises in the po-admin/route.php?mod=component&act=addnew URI, enabling CSRF to add a level=1 account. The connected records confirm the vulnerable path and the action (adding an account) but do not provide publ...