Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create News pages via a publish action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plume-cms plume cms 1.2 |
||
plume-cms plume cms 1.1.3 |
||
plume-cms plume cms 1.2.2 |
||
plume-cms plume cms 1.2.1 |
||
plume-cms plume cms 1.0.5 |
||
plume-cms plume cms |
||
plume-cms plume cms 1.2.3 |
||
plume-cms plume cms 1.0.3 |
||
plume-cms plume cms 1.0.6 |
||
plume-cms plume cms 1.0.2 |
||
plume-cms plume cms 1.0.4 |