Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Cross-Site Request Forgery (CSRF) (CMS Made Simple) - Vulnerability Database

Cross-Site Request Forgery (CSRF) (CMS Made Simple)

Description

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.

Remediation

Update to CMS Made Simple 2.1.6 or later.

References

https://www.cmsmadesimple.org/2016/12/Announcing-CMSMS-v2-1-6-Spanish-Wells/
https://www.cvedetails.com/cve/CVE-2016-7904/
http://www.securityfocus.com/bid/95453

Related Vulnerabilities

Adobe Coldfusion 8 multiple linked XSS vulnerabilies High
Common tags: CSRF
WordPress Plugin WP Prayer Multiple Cross-Site Request Forgery Vulnerabilities (1.6.5) High
Common tags: CSRF
WordPress Plugin Qtranslate Slug Cross-Site Request Forgery (1.1.18) High
Common tags: CSRF
WordPress Plugin Remove Schema Cross-Site Request Forgery (1.4) High
Common tags: CSRF
WordPress Plugin Staff Directory:Company Directory Cross-Site Request Forgery (3.6) High
Common tags: CSRF

Severity

Medium

Classification

CVE-2016-7904
CWE-352
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

CSRF