Vendor: EditMe CMS
By: Vulnerability Laboratory
CVSS: 2,8 (MEDIUM)
CWE: 352, Cross Site Request Forgery (CSRF)
Product Name: EditMe CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

EditMe CMS – CSRF Privilege Escalate Web Vulnerability

An independent Vulnerability Laboratory researcher discovered a CSRF privilege escalation web vulnerability in the official EditMe content management system. The vulnerability allows an attacker to perform malicious client-side web-application requests that execute non-protected functions with their own web context. In the absence of a security token, an attacker could execute arbitrary code in the administrator's browser to gain unauthorized access to administrator privileges.

Mitigation:

Implement security tokens to protect against CSRF attacks.