CSRF Vulnerability in PublicCMS V4.0.20180210 Allows Unauthorized Admin Account Creation

CSRF Vulnerability in PublicCMS V4.0.20180210 Allows Unauthorized Admin Account Creation

CVE-2018-11500 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.