The lack of a CSRF check and of sanitisation could allow attackers to perform CSRF attacks against logged-in administrators and set a Cross-Site Scripting payload via the addons_title parameter in the CMDM_admin_settings page.
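
The two controls described above as missing, shown as an added example that is not the plugin's own code: a nonce check on the settings save, and sanitisation on input plus escaping on output for addons_title. The function, nonce, capability and option names are assumptions; only addons_title and CMDM_admin_settings come from the description.

```php
<?php
// Added illustration, not the plugin's code. All cmdm_example_* names are hypothetical.

// Pattern the description implies (no nonce, raw value stored), for contrast:
//   update_option( 'cmdm_example_addons_title', $_POST['addons_title'] );

// Settings form: emit a nonce so a save request can be tied to this admin's session.
function cmdm_example_render_settings_form() {
    $title = get_option( 'cmdm_example_addons_title', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=CMDM_admin_settings' ) ); ?>">
        <?php wp_nonce_field( 'cmdm_example_save_settings', 'cmdm_example_nonce' ); ?>
        <!-- Escape on output so a stored value cannot break out of the attribute. -->
        <input type="text" name="addons_title" value="<?php echo esc_attr( $title ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler: authorise, verify the nonce, then sanitise before storing.
function cmdm_example_save_settings() {
    if ( ! isset( $_POST['addons_title'] ) ) {
        return; // Not a settings submission.
    }

    // Only administrators may change settings (capability is an assumption).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF check: terminates the request unless the nonce from the form is present and valid.
    check_admin_referer( 'cmdm_example_save_settings', 'cmdm_example_nonce' );

    // Strip tags and control characters before the value reaches the database.
    $title = sanitize_text_field( wp_unslash( $_POST['addons_title'] ) );
    update_option( 'cmdm_example_addons_title', $title );
}
add_action( 'admin_init', 'cmdm_example_save_settings' );
```

A cross-site request cannot supply a valid nonce, so the save is rejected before the parameter is read, and the escaping on output protects any value already stored before the fix.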
CPE | Name | Operator | Version |
---|---|---|---|
 | cm-download-manager | lt | 2.0.7 |