cvedb.io
CVE-2018-16449
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-09-04T04:29:00.950 · Last modified 2026-06-17T01:44:18.173

Summary

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.

Affected products

onethink — onethink

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.