CVE-2018-16338

Publication date

2018-09-02 18:00:00

Family

mitre

State

PUBLISHED

Description

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrators password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.