w3irdo001

2 exploits Active since Oct 2018
CVE-2018-18436 WRITEUP HIGH WORKING POC
JTBC(PHP) 3.0 - Cross-Site Request Forgery via Account Creation
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
CVSS 8.8
CVE-2018-18449 WRITEUP HIGH WORKING POC
EmpireCMS 7.5 - Cross-Site Request Forgery via AddUser Action
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
CVSS 8.8