CVE-2019-8902
MEDIUMidreamsoft iCMS < 7.0.14 - Cross-Site Request Forgery via public/api.php?app=user URI
Title source: llmDescription
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/idreamsoft/iCMS/issues/56
Scores
CVSS v3
5.7
EPSS
0.0038
EPSS Percentile
30.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
idreamsoft/icms
< 7.0.14
Published
Feb 18, 2019
Tracked Since
Feb 18, 2026