CVE-2016-20054

MEDIUM

Nodcms Cross Site Request Forgery via admin endpoints

Title source: cna

Description

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.

Exploits (1)

exploitdb WORKING POC

by Amir.ght · htmlwebappsphp

https://www.exploit-db.com/exploits/40707

View Code ZIP pw:eip

References (1)

[Exploit] https://www.exploit-db.com/exploits/40707

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 2.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-352 CWE-79

Status published

Products (3)

khodakhah/nodcms 0Packagist

nodcms/nodcms 1.0

nodcms/nodCMS 1.0

Published Apr 04, 2026

Tracked Since Apr 05, 2026