Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.
| Vendor | Product | Versions |
|---|---|---|
| nodcms | nodcms | 1.0 |
Updated severity to HIGH and marked exploit as available and actively exploited.
Initial creation
