WampServer prior to 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wampserver wampserver |