CVE-2018-11527
CVE-2018-11527 affects CScms v4.1, where a Cross-site request forgery (CSRF) in plugins/sys/admin/Sys.php allows remote attackers to change the administrator’s username and password via /admin.php/sys/editpass_save. Exploitation details are not provided beyond the path, but the vulnerability enab...