cvedb.io
CVE-2018-8908
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-03-31T22:29:00.307 · Last modified 2026-06-17T02:05:37.790

Summary

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.

Affected products

frog_cms_project — frog_cms

Does this affect you?

Add your gear to cvedb and we'll alert you only when frog_cms_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.