4 matches found
OpenCMS 10.5.3 Cross Site Request Forgery
Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
OpenCMS 10.5.3 - Cross-Site Request Forgery
Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
CVE-2018-8811
Cross-site request forgery CSRF vulnerability in system/workplace/admin/accounts/userrole.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users...
CVE-2018-8811
OpenCMS 10.5.3 is affected by a CSRF vulnerability in system/workplace/admin/accounts/user_role.jsp that can lead to privilege escalation by hijacking an admin session. Exploitation requires the attacker to have a CMS account with content-manager privileges; multiple public exploits (Exploit-DB, ...