Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote malicious users to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runcms runcms 1.6.1 |