Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
nikola posa webfoliocms1.1.3 |
||
nikola posa webfoliocms1.0.5 |
||
nikola posa webfoliocms1.0.4 |
||
nikola posa webfoliocms1.1.2 |
||
nikola posa webfoliocms1.1.1 |
||
nikola posa webfoliocms1.0.3 |
||
nikola posa webfoliocms1.0.2 |
||
nikola posa webfoliocms1.1.0 |
||
nikola posa webfoliocms1.0.9 |
||
nikola posa webfoliocms1.1.4 |
||
nikola posa webfoliocms1.0.8 |
||
nikola posa webfoliocms1.0.7 |
||
nikola posa webfoliocms1.0.6 |
Vulmon