CVE-2016-20054

Medium CVSS: 5.3

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.

Vendor

Product

CWE

CWE-79

Yayın Tarihi

2026-04-04 20:16:15

Güncelleme

2026-04-07 13:20:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 MEDIUM 2026

Referanslar

https://www.exploit-db.com/exploits/40707