CVE-2018-16448 Information

Description

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://github.com/chshcms/cscms/issues/1

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
