2 matches found
CVE-2018-19291
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI...
CVE-2018-19291
DiliCMS 2.4.0 contains a CSRF vulnerability that can delete a user or group via admin/index.php/user/del/1 or admin/index.php/role/del/2. This has been documented across multiple sources (e.g., NVD, CVE records). The underlying issue is a cross-site request forgery that allows unauthorized action...