CVE-2018-16314 (icms)
-
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16314
© Lightnetics 2024