Lfdycms Lfcms vulnerabilities
2 known vulnerabilities affecting lfdycms/lfcms.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2018-12603P3HIGHCVSS 8.8PoCv3.7.02018-06-25
CVE-2018-12603 [HIGH] CVE-2018-12603: Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
nvd
CVE-2018-12602P3HIGHCVSS 8.8PoCv3.7.02018-06-25
CVE-2018-12602 [HIGH] CWE-352 CVE-2018-12602: A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
nvd