cve/2018/CVE-2018-9926.md

CVE-2018-9926

Description

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.

POC

Reference

• https://github.com/wuzhicms/wuzhicms/issues/128
• https://github.com/wuzhicms/wuzhicms/issues/128
• https://www.exploit-db.com/exploits/44439/
• https://www.exploit-db.com/exploits/44439/

Github

• https://github.com/anquanquantao/iwantacve