An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/idreamsoft/iCMS/issues/35 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2018-09-01T18:00:00
Updated: 2024-08-05T10:17:38.413Z
Reserved: 2018-09-01T00:00:00
Link: CVE-2018-16314

No data.

Status : Modified
Published: 2018-09-01T18:29:00.537
Modified: 2024-11-21T03:52:30.530
Link: CVE-2018-16314

No data.