Vulnerability Details CVE-2016-20054
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 4.3
References