Cross Site Request Forgery (CSRF) vulnerability in OECMS v4.3.R60321 and later versions allows unauthorized addition of administrator accounts

Cross Site Request Forgery (CSRF) vulnerability in OECMS v4.3.R60321 and later versions allows unauthorized addition of administrator accounts

CVE-2019-1010112 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3.

Learn more about our Cms Pen Testing.