4 matches found
CVE-2018-19319
SRCMS 3.0.0 contains a CSRF vulnerability that allows an attacker to change product prices via admin.php?m=Admin&c=gifts&a=update, exploiting the super administrator’s privileges. The issue arises from a lack of proper CSRF protection for admin actions, enabling unauthorized price modification. Doc...
CVE-2018-14069
SRCMS V2.3.1 contains a CSRF flaw that allows an attacker to add a user account via admin.php?m=Admin&c=member&a=add. The affected component is the user-management functionality; the root cause is a CSRF vulnerability in the request handling for adding members. Impact statements in the sources in...
CVE-2018-19318
The CVE-2018-19318 issue affects SRCMS 3.0.0 and is a CSRF vulnerability that can be exploited via admin.php?m=Admin&c=manager&a=update to alter the super administrator’s username and password. Root cause: CSRF on the admin update endpoint allows unauthorized change of credentials. Impact: compro...
CVE-2018-14068
SRCMS V2.3.1 is affected by a CSRF vulnerability that can add an administrator account via the endpoint admin.php?m=Admin&c=manager&a=add. This exposes the admin creation function to CSRF, enabling potential unauthorized admin access. The issue is confirmed across multiple sources (CVE-2018-14068...