CVE-2018-881725.03.2018, 19:29Wampserver before 3.1.3 has CSRF in add_vhost.php.CSRFEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.8 HIGHNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 62%VendorProductVersionwampserverwampserver𝑥< 3.1.3𝑥= Vulnerable software versionsKnown Exploits!https://www.exploit-db.com/exploits/44385/https://www.exploit-db.com/exploits/44385/Common Weakness EnumerationCWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Referenceshttp://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722https://seclists.org/bugtraq/2019/Jun/10https://www.exploit-db.com/exploits/44385/http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722https://seclists.org/bugtraq/2019/Jun/10https://www.exploit-db.com/exploits/44385/