DaiCuo CMS Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in DaiCuo CMS versions prior to 1.3.13. The issue affects the file '/admin.php/addon/index', where the application does not properly verify that a request was intentionally made by the user. An attacker could exploit this to perform actions on the user's behalf without their consent.

Impact

Exploitation allows an attacker to trick a user into performing actions they did not intend, potentially leading to unauthorized changes or actions within the application.
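A defender can review web server logs for requests to the affected path that did not originate from the site's own pages. The following is an added example, not part of the original advisory or of DaiCuo CMS; it assumes the Apache/nginx "combined" log format, uses the placeholder hostname cms.example.test for the site, and runs over constructed sample log lines.

```python
import re
from urllib.parse import urlsplit

TARGET_PATH = "/admin.php/addon/index"   # path named in the advisory
SITE_HOSTS = {"cms.example.test"}        # placeholder: your own site's hostnames

# Apache/nginx "combined" log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return None for irrelevant lines, else (verdict, ip, method, referer)."""
    m = LINE_RE.match(line)
    if not m or urlsplit(m["url"]).path.rstrip("/") != TARGET_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Referer can be stripped by browser policy: inconclusive, worth review.
        verdict = "no-referer"
    elif (urlsplit(referer).hostname or "").lower() in SITE_HOSTS:
        verdict = "same-site"
    else:
        # Exact host comparison, so look-alike hosts are not treated as same-site.
        verdict = "cross-site"
    return verdict, m["ip"], m["method"], referer

def scan(lines):
    """Keep only requests to the affected path that did not come from the site."""
    return [r for r in map(classify, lines) if r and r[0] != "same-site"]

# Constructed sample lines (documentation IP ranges and example hostnames).
_P = '198.51.100.7 - - [29/Jun/2025:17:0%d:00 +0000] "POST %s HTTP/1.1" 200 512 "%s" "Mozilla/5.0"'
SAMPLE_LOG = [
    _P % (1, TARGET_PATH, "https://cms.example.test/admin.php/addon/index"),
    _P % (2, TARGET_PATH, "https://other.example.net/page.html"),
    _P % (3, TARGET_PATH, "-"),
    _P % (4, TARGET_PATH, "https://cms.example.test.other.example.net/"),
    _P % (5, "/index.php", "https://other.example.net/"),
]

if __name__ == "__main__":
    for verdict, ip, method, referer in scan(SAMPLE_LOG):
        print(f"{verdict:11} {ip} {method} referer={referer}")
```

A "no-referer" hit is not proof of forgery, so correlate it with the administrator's session activity before treating it as an incident.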

Added: Jun 29, 2025, 5:19 PM
Updated: Jun 29, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.8
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.