ID CVE-2018-6888
Summary An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical Cross-Site Request Forgery flaw: using a forged HTTP request, a malicious user can lead a user to unknowingly create, delete, or modify a user account due to the lack of an anti-CSRF token.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
exploit-db via4
description TypeSetter CMS 5.1 - Cross-Site Request Forgery. CVE-2018-6888. Webapps exploit for PHP platform
id EDB-ID:44029
last seen 2018-02-13
modified 2018-02-13
published 2018-02-13
reporter Exploit-DB
source https://www.exploit-db.com/download/44029/
title TypeSetter CMS 5.1 - Cross-Site Request Forgery
packetstorm via4
data source https://packetstormsecurity.com/files/download/146397/typesettercms51-xsrf.txt
id PACKETSTORM:146397
last seen 2018-02-16
published 2018-02-14
reporter Navina Asrani
source https://packetstormsecurity.com/files/146397/TypeSetter-CMS-5.1-Cross-Site-Request-Forgery.html
title TypeSetter CMS 5.1 Cross Site Request Forgery
refmap via4
misc https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-type-setter.html
Last major update 11-02-2018 - 22:29
Published 11-02-2018 - 22:29
Last modified 19-02-2018 - 21:29