CVE-2018-7219 Information

Description

application/admin/controller/Admin.php in NoneCms 1.3.0 has a CSRF vulnerability, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://foreversong.cn/archives/1081

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
