CSRF Vulnerability in DiliCMS 2.4.0 Allows Unauthorized User or Group Deletion

CVE-2018-19291 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
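
For defenders reviewing the access logs of an affected install, the following added example (not part of the advisory or of DiliCMS) flags requests to the two delete URIs whose Referer is missing or names another host. It assumes the combined log format; the function name, host names and log lines are constructed for illustration.

```python
import re

from urllib.parse import urlsplit

# Delete URIs named in the advisory; the trailing number is the user or group id.
DEL_PATH = re.compile(r"/admin/index\.php/(user|role)/del/(\d+)")
# Assumption: the web server writes the Apache/nginx "combined" log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_deletes(lines, site_host):
    """Return delete requests whose Referer is missing or names another host."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hit = DEL_PATH.search(m["target"].split("?", 1)[0])  # ignore query string
        if not hit:
            continue
        try:
            # hostname is None for "-", an empty value, or a relative value.
            ref_host = urlsplit(m["referer"]).hostname
        except ValueError:  # malformed Referer, treat as missing
            ref_host = None
        if ref_host == site_host.lower():
            continue  # request came from a page on the CMS itself
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "kind": hit.group(1), "id": int(hit.group(2)),
            "reason": "missing referer" if ref_host is None else "cross-site referer",
        })
    return findings

# Constructed sample log lines (documentation addresses and hosts, not real traffic).
_REQ = '203.0.113.9 - - [12/Nov/2018:10:0{n}:00 +0000] "GET {path} HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"'
SAMPLE = [
    _REQ.format(n=1, path="/admin/index.php/user/del/1", ref="http://cms.example.test/admin/index.php"),
    _REQ.format(n=2, path="/admin/index.php/role/del/2", ref="http://other.example.net/page.html"),
    _REQ.format(n=3, path="/admin/index.php/user/del/1", ref="-"),
    _REQ.format(n=4, path="/index.php", ref="-"),
]

if __name__ == "__main__":
    for finding in suspicious_deletes(SAMPLE, "cms.example.test"):
        print(finding)
```

A missing Referer can also result from browser privacy settings, so treat these hits as triage leads to correlate with unexpected user or group removals.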