CVE-2018-7308
Description
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in DanWin hosting allows remote attackers to add, delete, or modify files in any hosting account.
Vulnerability
A CSRF vulnerability exists in var/www/html/files.php in DanWin hosting through 2018-02-11. The file lacks CSRF protection, allowing an attacker to perform actions on behalf of an authenticated administrator [1].
Exploitation
An attacker can craft a malicious link or page that, when visited by an authenticated admin, triggers arbitrary file operations (add, delete, modify) without the admin's consent [1]. No additional authentication is required for the attacker.
Impact
Successful exploitation enables the attacker to add, delete, or modify any files in any hosting account, leading to potential data loss, website defacement, or full account compromise [1].
Mitigation
As of the available references, no official fix has been released. Users should implement CSRF tokens in files.php or apply input validation until a patch is provided [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
- www.andmp.com/2018/02/advisory-assigned-cve-2018-7308-csrf.html (mitre, x_refsource_MISC)
- github.com/DanWin/hosting/issues/18 (mitre, x_refsource_MISC)