CVE-2016-20054

MEDIUM 4.3

Nodcms Cross Site Request Forgery via admin endpoints

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

9th

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.

CWE	CWE-79
Vendor	nodcms
Product	nodcms
Published	Apr 4, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for nodcms nodcms

Be the first to know when new medium vulnerabilities affecting nodcms nodcms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

nodcms / nodCMS

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/40707

Credits

Ashiyane Digital Security Team