← Back

Srcms

srcms

Vendor: Srcms Project • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-19319
1Srcms Project
1Srcms
Nov 21, 2024
Nov 16, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges.
CVE-2018-19318
1Srcms Project
1Srcms
Nov 21, 2024
Nov 16, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
CVE-2018-14069
1Srcms Project
1Srcms
Nov 21, 2024
Jul 15, 2018
N/A· v4
8.8 HIGH· v3
6.0 MEDIUM· v2
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
CVE-2018-14068
1Srcms Project
1Srcms
Nov 21, 2024
Jul 15, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.