HIGH🇵🇱 Wersja polska

CVE-2018-10267

CVSS 8.8v3.0pub. 2018-04-22upd. 2024-11-21

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Wtcms Project Wtcms

    APP
    Wtcms Project
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-48237CRITICAL9.8PL ✓ten sam produkt

WTCMS 1.0 — błędna kontrola dostępu w HomebaseController

CVE-2019-8908CRITICAL9.8ten sam produkt

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the...

CVE-2019-8909HIGH7.5ten sam produkt

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consum...

CVE-2019-8910HIGH8.8ten sam produkt

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

CVE-2025-13782MEDIUM5.5ten sam produkt

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by thi...