Intrusion Prevention

WUZHI.CMS.CSRF

Description

This indicates an attack attempt against a Cross-Site Request-Forgery vulnerability in WUZHI CMS.
The vulnerability is due to insufficient sanitization of user supplied inputs in the application. An authenticated attacker may exploit this to reset the password of a common member in the context of an authorized user's session.

Affected Products

WUZHI CMS 4.1.0

Impact

Privilege Escalation: Remote attackers can leverage their privilege on the vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2018-10312