An issue exists in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote malicious users to change the administrator's username and password via /admin.php/sys/editpass_save.
Vulnerable Product |
---|
cscms project cscms 4.1 |