Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Frog CMS 跨站请求伪造漏洞
Vulnerability Description
Frog CMS是软件开发者Philippe Archambault所研发的一套内容管理系统(CMS)。该系统提供页面模板、用户权限管理以及文件管理所需的工具。 Frog CMS 0.9.5版本中的/admin/?/user/add存在跨站请求伪造漏洞。远程攻击者可通过诱使用户点击特制的页面利用该漏洞获取管理员权限。
CVSS Information
N/A
Vulnerability Type
N/A