vendor:
Colorful Blog
by:
Besim
5.5
CVSS
MEDIUM
Cross-Site Request Forgery
352
CWE
Product Name: Colorful Blog
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2016
Colorful Blog – Cross-Site Request Forgery (Change Admin Pass)
You can change admin's password with CSRF, if you know admin's username
Mitigation:
Implement CSRF tokens and strict input validation