Sign in Subscribe

← All vendors

Vendor

Diafan

Products

1

CVEs

1

Across products

1

Status

Private

Products

1

Diafan.CMS
1 CVE

Recent CVEs

1

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2011-5318		0.03	—	0.00		Jan 1, 2015	Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.

CVE-2011-5318Jan 1, 2015
risk 0.03cvss —epss 0.00
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.