vendor:
Microweber CMS
by:
sajith
5.5
CVSS
MEDIUM
CSRF
352
CWE
Product Name: Microweber CMS
Affected Version From: Microweber CMS v0.93
Affected Version To: Microweber CMS v0.93
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Microweber CMS v0.93 CSRF Vulnerability
Application is vulnerable to CSRF. An attacker can use this vulnerability to create a new user and assign Admin role to the user.
Mitigation:
Implement CSRF protection by using tokens and validating the requests.